CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-1702
https://notcve.org/view.php?id=CVE-2015-1702
13 May 2015 — The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Service Control Manager Elevation of Privilege Vulnerability." Service Control Manager (SCM) en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows S... • http://www.securityfocus.com/bid/74492 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 89%CPEs: 25EXPL: 0CVE-2015-1671 – Microsoft Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1671
13 May 2015 — The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." La librería DirectWrite de Windows, utilizada en Microsoft... • http://www.securityfocus.com/bid/74490 •
CVSS: 5.5EPSS: 7%CPEs: 12EXPL: 1CVE-2015-1677 – Microsoft Windows NtUserGetScrollBarInfo Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1677
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 7%CPEs: 12EXPL: 1CVE-2015-1679 – Microsoft Windows NtUserGetMessage Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1679
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 7%CPEs: 12EXPL: 1CVE-2015-1676 – Microsoft Windows NtUserGetTitleBarInfo Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1676
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 7%CPEs: 12EXPL: 1CVE-2015-1680 – Microsoft Windows NtUserRealInternalGetMessage Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1680
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 7%CPEs: 12EXPL: 1CVE-2015-1678 – Microsoft Windows NtUserGetComboBoxInfo Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1678
12 May 2015 — The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft ... • https://www.exploit-db.com/exploits/37049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 34%CPEs: 5EXPL: 6CVE-2015-1701 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-1701
21 Apr 2015 — Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability." Win32k.sys en los controladores kernel-mode en Microsoft Windows Server 2003 SP2, Vista SP2 y Server 2008 SP2 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, tal y como se explota activamente en Abril de 2015, t... • https://packetstorm.news/files/id/132403 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2015-1643
https://notcve.org/view.php?id=CVE-2015-1643
14 Apr 2015 — Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability." Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server ... • http://www.securitytracker.com/id/1032113 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 85%CPEs: 6EXPL: 0CVE-2015-1645 – Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2015-1645
14 Apr 2015 — Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability." Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, y Windows 7 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de una imagen Enhanced Metafile (EMF) manipulada, también conocido como 'vulnerabil... • http://packetstormsecurity.com/files/131457/Microsoft-Windows-GDI-MRSETDIBITSTODEVICE-bPlay-EMF-Parsing-Memory-Corruption.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •