CVE-2015-2554

Опубликовано: 14 окт. 2015

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."

Ссылки

http://www.securityfocus.com/bid/76998
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033805
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-111
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38580/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/76998
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033805
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-111
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/38580/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02213

Низкий

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-8m22-qgcw-2mj3

github

больше 3 лет назад

BDU:2015-11690

fstec

больше 10 лет назад

Уязвимость операционной системы Windows, позволяющая нарушителю повысить свои привилегии