CVSS: 9.3EPSS: 12%CPEs: 10EXPL: 0CVE-2015-1697
https://notcve.org/view.php?id=CVE-2015-1697
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699. Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a atacantes remotos ejecutar código arbitrario a través de un fichero Journal manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de Windows Journal,' una vulnerabilidad diferente a CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, y CVE-2015-1699. • http://www.securitytracker.com/id/1032280 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1096 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0CVE-2015-1716
https://notcve.org/view.php?id=CVE-2015-1716
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka "Schannel Information Disclosure Vulnerability." Schannel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no restringe correctamente las longitudes de las claves Diffie-Hellman Ephemeral (DFE), lo que facilita a atacantes remotos vencer los mecanismos de protección criptográficos a través de vectores no especificados, también conocido como 'vulnerabilidad de la divulgación de información de Schannel.' • http://www.securityfocus.com/bid/74489 http://www.securitytracker.com/id/1032283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-055 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 12%CPEs: 10EXPL: 0CVE-2015-1696
https://notcve.org/view.php?id=CVE-2015-1696
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a atacantes remotos ejecutar código arbitrario a través de un fichero Journal manipulado, también conocido como 'vulnerabilidad de ejecución de código remoto de Windows Journal,' una vulnerabilidad diferente a CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, y CVE-2015-1699. • http://www.securitytracker.com/id/1032280 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1095 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 32%CPEs: 10EXPL: 0CVE-2015-1699
https://notcve.org/view.php?id=CVE-2015-1699
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698. Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a atacantes remotos ejecutar código arbitrario a través de un fichero Journal manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de Windows Journal,' una vulnerabilidad diferente a CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, y CVE-2015-1698. • http://www.securitytracker.com/id/1032280 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-045 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 1CVE-2015-1680 – Microsoft Windows NtUserRealInternalGetMessage Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1680
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679. Los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a usuarios locales evadir el mecanismo de protección ASLR a través de una llamada 'function' manipulada, también conocido como 'vulnerabilidad de la divulgación de la memoria del kernel de Microsoft Windows,' una vulnerabilidad diferente a CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, y CVE-2015-1679. This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserRealInternalGetMessage function. The issue lies in the failure to sanitize a buffer before returning its contents resulting in the leak of a kernel address. • https://www.exploit-db.com/exploits/37049 http://www.securityfocus.com/bid/74497 http://www.securitytracker.com/id/1032294 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •