CVE-2015-2528

Опубликовано: 09 сент. 2015

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524.

Ссылки

http://packetstormsecurity.com/files/159109/Microsoft-Windows-CloudExperienceHostBroker-Privilege-Escalation.html
http://www.securitytracker.com/id/1033494
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38201/
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/159109/Microsoft-Windows-CloudExperienceHostBroker-Privilege-Escalation.html
http://www.securitytracker.com/id/1033494
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38201/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01436

Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-f58p-gqp9-5mv3

github

больше 3 лет назад

BDU:2015-11353

fstec

больше 10 лет назад

Уязвимость операционной системы Windows, позволяющая нарушителю повысить свои привилегии