Skip to content

CVE-2015-1701

is CVE-2015-1701real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch
High · CVSS 7.8EPSS 56.2%CISA KEVCWE-264

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

References

NVD MITRE CVE.org CISA KEV

Published

Embed this verdict
TruePositive verdict for CVE-2015-1701
Markdown
[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2015-1701/badge.svg)](https://www.truepositive.app/cve/CVE-2015-1701)
HTML
<a href="https://www.truepositive.app/cve/CVE-2015-1701"><img src="https://www.truepositive.app/cve/CVE-2015-1701/badge.svg" alt="TruePositive verdict for CVE-2015-1701"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts
Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

to add your verdict.

Community real-world severity: Critical (Critical 2) — CVSS base score 7.8

Practitioners rate this higher than its CVSS — treat with extra caution.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

  • 0
    Field note · Diego RamírezCurated

    Confirmed exploited in the wild — listed in the CISA KEV catalog (added 2022-03-03). Linked to known ransomware campaigns. Treat as real and prioritize patching over triage.

Related CVEs

Same weaknessCWE-264.