CVE-2015-0011 : mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windo

mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."

Published 2015-01-13 22:59:04

Updated 2025-04-12 10:46:41

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2015-0011

Microsoft » Windows Server 2003 » Update SP2
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A Update Gold
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2 For X64
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*
Matching versions
Microsoft » Windows Rt » Version: N/A Update Gold
cpe:2.3:o:microsoft:windows_rt:-:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-0011

EPSS FAQ

0.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 68 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-0011

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.7	MEDIUM	AV:L/AC:M/Au:N/C:N/I:C/A:N	3.4	6.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: None

CWE ids for CVE-2015-0011

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0011

http://www.securityfocus.com/bid/71960

Microsoft Windows Kernel 'mrxdav.sys' CVE-2015-0011 Local Privilege Escalation Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/99526

Microsoft Knowledge Base Article 3019215 is not installed CVE-2015-0011 Vulnerability Report
https://exchange.xforce.ibmcloud.com/vulnerabilities/99527

Microsoft WebDAV privilege escalation CVE-2015-0011 Vulnerability Report
http://www.securitytracker.com/id/1031531

Microsoft Windows WebDAV Kernel-Mode Driver Lets Local Users Gain Elevated Privileges - SecurityTracker
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-008

Microsoft Security Bulletin MS15-008 - Important | Microsoft Docs
http://secunia.com/advisories/62154

Sign in

Jump to

Vulnerability Details : CVE-2015-0011

Products affected by CVE-2015-0011

Exploit prediction scoring system (EPSS) score for CVE-2015-0011

CVSS scores for CVE-2015-0011

CWE ids for CVE-2015-0011

References for CVE-2015-0011