431 results (0.009 seconds)

CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability." Win32k.sys en los controladores de modo kernel en Microsoft Windows Server 2003 SP2 y R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold and 8.1 permite a usuarios locales obtener informacion sensible de la memoria no inicializada del kernel a través de una aplicación manipulada, también conocida como “Vulnerabilidad de Revelación de informacion en Win32k.” This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserDisableProcessWindowFiltering function. The issue lies in the failure to sanitize a stack variable before returning it to the user. • http://www.securitytracker.com/id/1032904 http://www.zerodayinitiative.com/advisories/ZDI-15-536 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-073 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 0

The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability." El componente gráfico en Microsoft Windows Server 2003 SP2 y R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold and 8.1, permite a usuarios locales obtener privilegios a través de una aplicación diseñada que aprovecha una conversión de mapas de bits incorrectos, error conocido como 'Graphics Component EOP Vulnerability.' • http://www.securitytracker.com/id/1032902 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-072 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 1

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability." La implementación de autenticación en el sub-sistema RPC en Microsoft Windows Server 2003 SP2 y R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no previene DCE/RPC connection reflection, lo que permite a usuarios locales obtener privilegios través de una aplicación específicamente diseñada para este fin, error conocido como 'Windows RPC Elevation of Privilege Vulnerability.' • https://www.exploit-db.com/exploits/37768 http://www.securitytracker.com/id/1032907 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-076 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 5%CPEs: 14EXPL: 0

OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417. El objeto OLE en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos obtener privilegios mediante una entrada especialmente diseñada para este fin, como se demuestra por una transición desde integridad baja hasta integridad media, error conocido como 'OLE Elevation of Privilege Vulnerability', una vulnerabilidad diferente de CVE-2015-2417. • http://www.securitytracker.com/id/1032906 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-075 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 5%CPEs: 14EXPL: 0

OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416. OLE en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos la escalada de privilegios a través de entrada manipulada, también conocida como 'Vulnerabilidad de Escalado de Provilegios OLE', una vulnerabilidad diferente a CVE-2015-2416. • http://www.securitytracker.com/id/1032906 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-075 • CWE-20: Improper Input Validation •