CVE-2015-0016: Directory traversal vulnerability in the TS WebProxy component in various versions of Microsoft Windows allows remote attackers to gain privileges via a crafted pathname in an executable file.


Description Preview

The vulnerability identified as CVE-2015-0016 is a directory traversal flaw in the TS WebProxy (TSWbPrxy) component present in multiple versions of Microsoft Windows, including Windows Vista, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT. Exploitation of this vulnerability could enable remote attackers to escalate their privileges by manipulating a pathname within an executable file. This manipulation could result in a transition from Low Integrity to Medium Integrity, granting the attacker elevated privileges.

Overview

This vulnerability affects various versions of Microsoft Windows operating systems, allowing remote attackers to gain elevated privileges by exploiting a directory traversal flaw in the TS WebProxy component. The vulnerability was first made public on January 13, 2015. The Common Vulnerability Scoring System (CVSS) v3.1 base score for this vulnerability is 7.8, indicating a high severity level.

Remediation

To mitigate the risk associated with this vulnerability, users are advised to apply the necessary security updates provided by Microsoft. It is recommended to install the relevant patches and updates to address the directory traversal vulnerability in the TS WebProxy component. Regularly updating the affected systems can help prevent potential exploitation and unauthorized privilege escalation.

References

  1. SecurityFocus BID 71965
  2. SecurityTracker ID 1031524
  3. IBM X-Force Vulnerability Report
  4. Trend Micro Security Intelligence Blog
  5. IBM X-Force Vulnerability Report - Update
  6. Exploit Database Entry 35983
  7. Secunia Advisory 62076
  8. Packet Storm Security Advisory
  9. Microsoft Security Bulletin MS15-004

Early Warning

Armis Early Warning customers received an advance alert on this vulnerability.

Armis Alert Date: Jan 14, 2015
CISA KEV Date: May 25, 2022
2688 days early

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Transportation & Warehousing
  4. Finance and Insurance
  5. Arts, Entertainment & Recreation
  6. Educational Services
  7. Management of Companies & Enterprises
  8. Public Administration
  9. Retail Trade
  10. Utilities
  11. Information
  12. Agriculture, Forestry Fishing & Hunting
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Wholesale Trade
  16. Accommodation & Food Services
  17. Administrative, Support, Waste Management & Remediation Services
  18. Construction
  19. Mining
  20. Real Estate Rental & Leasing
