CVE-2015-2527

Опубликовано: 09 сент. 2015

Источник: nvd

CVSS2: 7.2

EPSS Средний

Описание

The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Ссылки

http://www.securityfocus.com/bid/76599
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033485
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38199/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/76599
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033485
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38199/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14919

Средний

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-w6j5-fvc8-44j6

github

больше 3 лет назад

BDU:2015-11354

fstec

больше 10 лет назад

Уязвимость операционной системы Windows, позволяющая нарушителю повысить свои привилегии