Vulnerability Details : CVE-2015-0004
The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."
Vulnerability category: Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2015-0004
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-0004
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-0004
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0004
-
http://www.securityfocus.com/bid/71967
Microsoft Windows CVE-2015-0004 Local Privilege Escalation Vulnerability
-
https://code.google.com/p/google-security-research/issues/detail?id=123
123 - Windows Elevation of Privilege in User Profile Service - project-zero - MonorailExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/99519
Microsoft Windows User Profile Service privilege escalation CVE-2015-0004 Vulnerability Report
-
http://secunia.com/advisories/61927
Sign in
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/99520
Microsoft Knowledge Base Article 3021674 is not installed CVE-2015-0004 Vulnerability Report
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-003
Microsoft Security Bulletin MS15-003 - Important | Microsoft Docs
Products affected by CVE-2015-0004
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*
- cpe:2.3:o:microsoft:windows_rt:-:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*