Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2025-13220

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 14 ΠΎΠΊΡ‚. 2025
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: fstec
CVSS3: 7
CVSS2: 6
EPSS Низкий

ОписаниС

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ систСмной слуТбы событий COM+ Event System Service ΠΎΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ систСмы Windows связана с ΠΏΠ΅Ρ€Π΅ΠΏΠΎΠ»Π½Π΅Π½ΠΈΠ΅ΠΌ Π±ΡƒΡ„Π΅Ρ€Π° Π² динамичСской памяти. Эксплуатация уязвимости ΠΌΠΎΠΆΠ΅Ρ‚ ΠΏΠΎΠ·Π²ΠΎΠ»ΠΈΡ‚ΡŒ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ ΠΏΠΎΠ²Ρ‹ΡΠΈΡ‚ΡŒ свои ΠΏΡ€ΠΈΠ²ΠΈΠ»Π΅Π³ΠΈΠΈ

Π’Π΅Π½Π΄ΠΎΡ€

Microsoft Corp

НаимСнованиС ПО

Windows Server 2008 R2 Service Pack 1 (Server Core installation)
Windows Server 2008 R2 Service Pack 1
Windows Server 2008 Service Pack 2 (Server Core Installation)
Windows Server 2008 Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 1607
Windows 10
Windows Server 2025
Windows 11 24H2
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 23H2
Windows Server 2025 (Server Core installation)
Windows 10 22H2
Windows 11 22H2
Windows 10 21H2
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 1809
Windows 11 25H2

ВСрсия ПО

Π΄ΠΎ 6.1.7601.27974 (Windows Server 2008 R2 Service Pack 1 (Server Core installation))
Π΄ΠΎ 6.1.7601.27974 (Windows Server 2008 R2 Service Pack 1)
Π΄ΠΎ 6.0.6003.23571 (Windows Server 2008 Service Pack 2 (Server Core Installation))
Π΄ΠΎ 6.0.6003.23571 (Windows Server 2008 Service Pack 2 (Server Core Installation))
Π΄ΠΎ 6.0.6003.23571 (Windows Server 2008 Service Pack 2)
Π΄ΠΎ 6.0.6003.23571 (Windows Server 2008 Service Pack 2)
Π΄ΠΎ 6.3.9600.22824 (Windows Server 2012 R2 (Server Core installation))
Π΄ΠΎ 6.3.9600.22824 (Windows Server 2012 R2)
Π΄ΠΎ 6.2.9200.25722 (Windows Server 2012 (Server Core installation))
Π΄ΠΎ 6.2.9200.25722 (Windows Server 2012)
Π΄ΠΎ 10.0.14393.8519 (Windows Server 2016 (Server Core installation))
Π΄ΠΎ 10.0.14393.8519 (Windows Server 2016)
Π΄ΠΎ 10.0.14393.8519 (Windows 10 1607)
Π΄ΠΎ 10.0.14393.8519 (Windows 10 1607)
Π΄ΠΎ 10.0.10240.21161 (Windows 10)
Π΄ΠΎ 10.0.10240.21161 (Windows 10)
Π΄ΠΎ 10.0.26100.6899 (Windows Server 2025)
Π΄ΠΎ 10.0.26100.6899 (Windows 11 24H2)
Π΄ΠΎ 10.0.26100.6899 (Windows 11 24H2)
Π΄ΠΎ 10.0.25398.1913 (Windows Server 2022, 23H2 Edition (Server Core installation))
Π΄ΠΎ 10.0.22631.6060 (Windows 11 23H2)
Π΄ΠΎ 10.0.22631.6060 (Windows 11 23H2)
Π΄ΠΎ 10.0.26100.6899 (Windows Server 2025 (Server Core installation))
Π΄ΠΎ 10.0.19045.6456 (Windows 10 22H2)
Π΄ΠΎ 10.0.19045.6456 (Windows 10 22H2)
Π΄ΠΎ 10.0.19045.6456 (Windows 10 22H2)
Π΄ΠΎ 10.0.22621.6060 (Windows 11 22H2)
Π΄ΠΎ 10.0.22621.6060 (Windows 11 22H2)
Π΄ΠΎ 10.0.19044.6456 (Windows 10 21H2)
Π΄ΠΎ 10.0.19044.6456 (Windows 10 21H2)
Π΄ΠΎ 10.0.19044.6456 (Windows 10 21H2)
Π΄ΠΎ 10.0.20348.4294 (Windows Server 2022 (Server Core installation))
Π΄ΠΎ 10.0.20348.4294 (Windows Server 2022)
Π΄ΠΎ 10.0.17763.7919 (Windows Server 2019 (Server Core installation))
Π΄ΠΎ 10.0.17763.7919 (Windows Server 2019)
Π΄ΠΎ 10.0.17763.7919 (Windows 10 1809)
Π΄ΠΎ 10.0.17763.7919 (Windows 10 1809)
Π΄ΠΎ 10.0.26200.6899 (Windows 11 25H2)
Π΄ΠΎ 10.0.26200.6899 (Windows 11 25H2)

Вип ПО

ΠžΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½Π°Ρ систСма

ΠžΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½Ρ‹Π΅ систСмы ΠΈ Π°ΠΏΠΏΠ°Ρ€Π°Ρ‚Π½Ρ‹Π΅ ΠΏΠ»Π°Ρ‚Ρ„ΠΎΡ€ΠΌΡ‹

Microsoft Corp Windows Server 2008 R2 Service Pack 1 (Server Core installation) Π΄ΠΎ 6.1.7601.27974
Microsoft Corp Windows Server 2008 R2 Service Pack 1 Π΄ΠΎ 6.1.7601.27974
Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) Π΄ΠΎ 6.0.6003.23571
Microsoft Corp Windows Server 2008 Service Pack 2 (Server Core Installation) Π΄ΠΎ 6.0.6003.23571
Microsoft Corp Windows Server 2008 Service Pack 2 Π΄ΠΎ 6.0.6003.23571
Microsoft Corp Windows Server 2008 Service Pack 2 Π΄ΠΎ 6.0.6003.23571
Microsoft Corp Windows Server 2012 R2 (Server Core installation) Π΄ΠΎ 6.3.9600.22824
Microsoft Corp Windows Server 2012 R2 Π΄ΠΎ 6.3.9600.22824
Microsoft Corp Windows Server 2012 (Server Core installation) Π΄ΠΎ 6.2.9200.25722
Microsoft Corp Windows Server 2012 Π΄ΠΎ 6.2.9200.25722
Microsoft Corp Windows Server 2016 (Server Core installation) Π΄ΠΎ 10.0.14393.8519
Microsoft Corp Windows Server 2016 Π΄ΠΎ 10.0.14393.8519
Microsoft Corp Windows 10 1607 Π΄ΠΎ 10.0.14393.8519
Microsoft Corp Windows 10 1607 Π΄ΠΎ 10.0.14393.8519
Microsoft Corp Windows 10 Π΄ΠΎ 10.0.10240.21161
Microsoft Corp Windows 10 Π΄ΠΎ 10.0.10240.21161
Microsoft Corp Windows Server 2025 Π΄ΠΎ 10.0.26100.6899
Microsoft Corp Windows 11 24H2 Π΄ΠΎ 10.0.26100.6899
Microsoft Corp Windows 11 24H2 Π΄ΠΎ 10.0.26100.6899
Microsoft Corp Windows Server 2022, 23H2 Edition (Server Core installation) Π΄ΠΎ 10.0.25398.1913
Microsoft Corp Windows 11 23H2 Π΄ΠΎ 10.0.22631.6060
Microsoft Corp Windows 11 23H2 Π΄ΠΎ 10.0.22631.6060
Microsoft Corp Windows Server 2025 (Server Core installation) Π΄ΠΎ 10.0.26100.6899
Microsoft Corp Windows 10 22H2 Π΄ΠΎ 10.0.19045.6456
Microsoft Corp Windows 10 22H2 Π΄ΠΎ 10.0.19045.6456
Microsoft Corp Windows 10 22H2 Π΄ΠΎ 10.0.19045.6456
Microsoft Corp Windows 11 22H2 Π΄ΠΎ 10.0.22621.6060
Microsoft Corp Windows 11 22H2 Π΄ΠΎ 10.0.22621.6060
Microsoft Corp Windows 10 21H2 Π΄ΠΎ 10.0.19044.6456
Microsoft Corp Windows 10 21H2 Π΄ΠΎ 10.0.19044.6456
Microsoft Corp Windows 10 21H2 Π΄ΠΎ 10.0.19044.6456
Microsoft Corp Windows Server 2022 (Server Core installation) Π΄ΠΎ 10.0.20348.4294
Microsoft Corp Windows Server 2022 Π΄ΠΎ 10.0.20348.4294
Microsoft Corp Windows Server 2019 (Server Core installation) Π΄ΠΎ 10.0.17763.7919
Microsoft Corp Windows Server 2019 Π΄ΠΎ 10.0.17763.7919
Microsoft Corp Windows 10 1809 Π΄ΠΎ 10.0.17763.7919
Microsoft Corp Windows 10 1809 Π΄ΠΎ 10.0.17763.7919
Microsoft Corp Windows 11 25H2 Π΄ΠΎ 10.0.26200.6899
Microsoft Corp Windows 11 25H2 Π΄ΠΎ 10.0.26200.6899

Π£Ρ€ΠΎΠ²Π΅Π½ΡŒ опасности уязвимости

Π‘Ρ€Π΅Π΄Π½ΠΈΠΉ ΡƒΡ€ΠΎΠ²Π΅Π½ΡŒ опасности (базовая ΠΎΡ†Π΅Π½ΠΊΠ° CVSS 2.0 составляСт 6)
Высокий ΡƒΡ€ΠΎΠ²Π΅Π½ΡŒ опасности (базовая ΠΎΡ†Π΅Π½ΠΊΠ° CVSS 3.1 составляСт 7)

Π’ΠΎΠ·ΠΌΠΎΠΆΠ½Ρ‹Π΅ ΠΌΠ΅Ρ€Ρ‹ ΠΏΠΎ ΡƒΡΡ‚Ρ€Π°Π½Π΅Π½ΠΈΡŽ уязвимости

ИспользованиС Ρ€Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°Ρ†ΠΈΠΉ:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58725

Бтатус уязвимости

ΠŸΠΎΠ΄Ρ‚Π²Π΅Ρ€ΠΆΠ΄Π΅Π½Π° ΠΏΡ€ΠΎΠΈΠ·Π²ΠΎΠ΄ΠΈΡ‚Π΅Π»Π΅ΠΌ

НаличиС эксплойта

Π”Π°Π½Π½Ρ‹Π΅ ΡƒΡ‚ΠΎΡ‡Π½ΡΡŽΡ‚ΡΡ

Π˜Π½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΡ ΠΎΠ± устранСнии

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ устранСна

Бсылки Π½Π° источники

Π˜Π΄Π΅Π½Ρ‚ΠΈΡ„ΠΈΠΊΠ°Ρ‚ΠΎΡ€Ρ‹ Π΄Ρ€ΡƒΠ³ΠΈΡ… систСм описаний уязвимостСй

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 16%
0.00052
Низкий

7 High

CVSS3

6 Medium

CVSS2

БвязанныС уязвимости

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2025-58725

CVSS3: 7
nvd
2 мСсяца Π½Π°Π·Π°Π΄

Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.

msrc Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2025-58725

CVSS3: 7
msrc
2 мСсяца Π½Π°Π·Π°Π΄

Windows COM+ Event System Service Elevation of Privilege Vulnerability

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-82pw-jh4v-8qp7

CVSS3: 7
github
2 мСсяца Π½Π°Π·Π°Π΄

Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 16%
0.00052
Низкий

7 High

CVSS3

6 Medium

CVSS2

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ BDU:2025-13220