PT-2015-4385 · Microsoft · Windows+2
Forshaw · Published 2015-01-13 · Updated 2018-10-12 · CVE-2015-0002
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to the fixed version
Description
The AhcVerifyAdminContext function in the Application Compatibility component does not properly verify that an impersonation token is associated with an administrative account. This allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file. In other words, this is an elevation of privilege vulnerability: the Microsoft Windows Application Compatibility Infrastructure (AppCompat) improperly checks the authorization of the caller's impersonation token, which an attacker could exploit to run a privileged application.
Recommendations
For Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Weakness Enumeration
Related Identifiers
Affected Products
AppCompatCache.exe
Application Compatibility Infrastructure
Windows