CVE-2015-5465 : Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allow

Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.

Published 2015-09-16 18:59:04

Updated 2018-10-09 19:57:36

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-5465

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-5465

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2015-5465

https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt

Exploit
http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html

SiS Windows VGA Display Manager Privilege Escalation ≈ Packet Storm
Exploit
http://www.securityfocus.com/archive/1/536370/100/0/threaded

SecurityFocus
http://seclists.org/fulldisclosure/2015/Sep/1

Full Disclosure: KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
Exploit
https://www.exploit-db.com/exploits/38054/

SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where (PoC)
Exploit

Products affected by CVE-2015-5465

SIS » Windows Vga Display Manager » Version: 6.14.10.3930
cpe:2.3:a:sis:windows_vga_display_manager:6.14.10.3930:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-5465

Exploit prediction scoring system (EPSS) score for CVE-2015-5465

CVSS scores for CVE-2015-5465

References for CVE-2015-5465

Products affected by CVE-2015-5465