CVE-2015-2465

Опубликовано: 15 авг. 2015

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Shell Security Feature Bypass Vulnerability."

Ссылки

http://www.securitytracker.com/id/1033238
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080
Patch
Vendor Advisory
http://www.securitytracker.com/id/1033238
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00562

Низкий

2.1 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-vqqj-j5r9-xh73

github

больше 3 лет назад