CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 1CVE-2015-6171 – Microsoft Windows Kernel - 'win32k!OffsetChildren' Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2015-6171
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6173 and CVE-2015-6174. El kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Windows Kernel Memory Elevation of Privilege Vulnerability', una vulnerabilidad diferente a CVE-2015-6173 y CVE-2015-6174. • https://www.exploit-db.com/exploits/39025 http://www.securitytracker.com/id/1034334 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-135 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 95%CPEs: 13EXPL: 4CVE-2015-6132 – Office OLE Multiple DLL Side Loading Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-6132
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 no manejan adecuadamente el cargado de librería, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Windows Library Loading Remote Code Execution Vulnerability'. • https://www.exploit-db.com/exploits/41706 https://www.exploit-db.com/exploits/38968 https://github.com/hexx0r/CVE-2015-6132 http://www.securitytracker.com/id/1034338 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132 https://securify.nl/advisory/SFY20150801/com__services_dll_side_loading_vulnerability.html https://securify.nl/advisory/SFY20150805/event_viewer_snapin_multiple_dll_side_loading_vulnerabilities.html https://securify.nl/advisory/SFY20150803/windows_authentication • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 88%CPEs: 6EXPL: 1CVE-2015-6152 – Microsoft Internet Explorer 11 - MSHTML!CObjectElement Use-After-Free (MS15-124)
https://notcve.org/view.php?id=CVE-2015-6152
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162. Microsoft Internet Explorer 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6162. Microsoft Internet Explorer 11 suffers from a MSHTML!CObjectElement use-after-free vulnerability. • https://www.exploit-db.com/exploits/38972 http://www.securitytracker.com/id/1034315 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-6111
https://notcve.org/view.php?id=CVE-2015-6111
IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles encryption negotiation, which allows remote authenticated users to cause a denial of service (system hang) via crafted IP traffic, aka "Windows IPSec Denial of Service Vulnerability." IPSec en Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 no maneja correctamente la negociación de cifrado, lo que permite a usuarios remotos autenticados causar una denegación de servicio (cuelgue del sistema) a través de tráfico IP manipulado, también conocida como 'Windows IPSec Denial of Service Vulnerability'. • http://www.securitytracker.com/id/1034123 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-120 • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 73%CPEs: 13EXPL: 1CVE-2015-6102 – Microsoft Windows - Cursor Object Memory Leak (MS15-115)
https://notcve.org/view.php?id=CVE-2015-6102
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." El kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 permite a usuarios locales eludir el mecanismo de protección KASLR, y como consecuencia descubrir una dirección base de driver, a través de una aplicación manipulada, también conocida como 'Windows Kernel Memory Information Disclosure Vulnerability'. • https://www.exploit-db.com/exploits/38794 http://packetstormsecurity.com/files/134519/Microsoft-Windows-Cursor-Object-Potential-Memory-Leak.html http://www.securitytracker.com/id/1034114 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •