7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.164 Low
EPSS
Percentile
95.5%
Name | ms15_102 |
---|---|
CVE | CVE-2015-2525 Exploit Pack |
Notes: | |
This module exploits a vulnerability on the Task Scheduler Service (schedsvc.dll). | |
When a scheduled task is created with the DeleteExpiredTaskAfter (https://msdn.microsoft.com/en-us/library/windows/desktop/aa381847(v=vs.85).aspx) property set, the Task Scheduler will wait that amount of time before deleting the task and its related file. The problem arises because the service deletes the file (through a DeleteFile call) on a callback thread running as local system. | |
Therefore a junction attack can be mounted against the deletion process. Giving the attacker the primitive to delete any file on the system which local system can delete. |
References:
https://technet.microsoft.com/en-us/library/security/ms15-102.aspx
Tested on:
Windows 8.1 Enterprise x86
Windows 7 Ultimate SP1 x86
Windows 7 Professional SP1 x64
VENDOR: Microsoft
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2525
CVE Name: CVE-2015-2525