CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2015-0077 – Microsoft Windows NtUserfnINSTRINGNULL Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2015-0077
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." Los controladores del modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no inicializan correctamente los buffers de funciones, lo que permite a usuarios locales obtener información sensible de la memoria del kernel, y posiblemente evadir el mecanismo de protección ASLR, a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la divulgación de información de la memoria del kernel de Microsoft Windows.' This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NtUserfnINSTRINGNULL function. The issue lies in the failure to sanitize a buffer before calling a userland function resulting in the leak of a kernel address. • http://www.securityfocus.com/bid/72897 http://www.securitytracker.com/id/1031897 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2015-0094 – Microsoft Windows NtUserfnINOUTNCCALCSIZE Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2015-0094
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." Los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no restringe correctamente la disponibilidad de la información de direcciones durante la llamada a una función, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la divulgación de la memoria del kernel de Microsoft Windows.' This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NtUserfnINOUTNCCALCSIZE function. The issue lies in the failure to sanitize a buffer before calling a userland function resulting in the leak of an address on the kernel trap frame. • http://www.securitytracker.com/id/1031897 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 7%CPEs: 12EXPL: 1CVE-2015-0081 – Microsoft Windows Text Services Out-Of-Bounds Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0081
Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability." Windows Text Services (WTS) en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos ejecutar código arbitrario a través de un (1) sitio web o (2) fichero manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de WTS.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Windows Text Services processes certain objects. By opening a malformed document, an attacker can force MSCFT.dll to access memory outside the bounds of an array. • https://www.exploit-db.com/exploits/36336 http://www.securityfocus.com/bid/72886 http://www.securitytracker.com/id/1031890 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-020 • CWE-19: Data Processing Errors •
CVSS: 4.3EPSS: 96%CPEs: 12EXPL: 0CVE-2015-1637
https://notcve.org/view.php?id=CVE-2015-1637
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067. Schannel (también conocido como Secure Channel) en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2 y Windows RT Gold y 8.1 no restringe adecuadamente transiciones de estado TLS, lo que facilita a atacantes remotos llevar a cabo ataques de cifrado rebajado para cifrados EXPORT_RSA a través de tráfico TLS manipulado, relacionado con el problema "FREAK", una vulnerabilidad diferente a CVE-2015-0204 y CVE-2015-1067. • http://web.archive.org/web/20150321220028/https://freakattack.com http://www.securityfocus.com/bid/72965 http://www.securitytracker.com/id/1031833 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031 https://freakattack.com https://technet.microsoft.com/library/security/3046015 • CWE-310: Cryptographic Issues •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 1CVE-2015-0060 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0060
The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." El mapeador de fuentes en win32k.sys en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no escala correctamente las fuentes, lo que permite a usuarios locales causar una denegación de servicio (cuelgue de sistema) a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la denegación de servicio de los controladores de fuentes de Windows.' • https://www.exploit-db.com/exploits/37098 http://www.securityfocus.com/bid/72472 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/100434 • CWE-19: Data Processing Errors •