CVSS: 9.3 • EPSS: 97% • CPEs: 12 • EXPL: 3

Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious directory or device. The specific flaw exists within the handling of LNK files by the Windows shell. By providing a pair of crafted files, an attacker is able to force the Explorer process to load an arbitrary DLL when displaying file icons in the directory view.

• https://www.exploit-db.com/exploits/14403 http://www.securityfocus.com/bid/72894 http://www.securitytracker.com/id/1031890 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-020 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Full-details-on-CVE-2015-0096-and-the-failed-MS10-046-Stuxnet/ba-p/6718459#.VQBOymTF9so https://github.com/rapid7/metasploit-framework/pull/4911 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows&# • CWE-426: Untrusted Search Path •

CVSS: 2.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."

This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserfnINSTRINGNULL function. The issue lies in the failure to sanitize a buffer before calling a userland function, resulting in the leak of a kernel address.

• http://www.securityfocus.com/bid/72897 http://www.securitytracker.com/id/1031897 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3 • EPSS: 7% • CPEs: 12 • EXPL: 1

Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Windows Text Services processes certain objects. By opening a malformed document, an attacker can force MSCFT.dll to access memory outside the bounds of an array.

• https://www.exploit-db.com/exploits/36336 http://www.securityfocus.com/bid/72886 http://www.securitytracker.com/id/1031890 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-020 • CWE-19: Data Processing Errors •

CVSS: 2.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."

This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserfnINOUTNCCALCSIZE function. The issue lies in the failure to sanitize a buffer before calling a userland function, resulting in the leak of an address on the kernel trap frame.

• http://www.securitytracker.com/id/1031897 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3 • EPSS: 96% • CPEs: 12 • EXPL: 0

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

• http://web.archive.org/web/20150321220028/https://freakattack.com http://www.securityfocus.com/bid/72965 http://www.securitytracker.com/id/1031833 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031 https://freakattack.com https://technet.microsoft.com/library/security/3046015 • CWE-310: Cryptographic Issues •