CVE-2015-1679 – Microsoft Windows NtUserGetMessage Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1679
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a usuarios locales evadir el mecanismo de protección ASLR a través de una llamada 'function' manipulada, también conocido como 'vulnerabilidad de la divulgación de la memoria del kernel de Microsoft Windows,' una vulnerabilidad diferente a CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, y CVE-2015-1680. This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserGetMessage function. The issue lies in the failure to sanitize a buffer before returning its contents resulting in the leak of a kernel address. • https://www.exploit-db.com/exploits/37049 http://www.securityfocus.com/bid/74496 http://www.securitytracker.com/id/1032294 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1674 – Microsoft Windows CNG Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1674
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability." El kernel en Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no valida correctamente una dirección no especificada, lo que permite a usuarios locales evadir el mecanismo de protección KASLR, y como consecuencia descubrir la dirección de la base cng.sys, a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la evasión de la característica de seguridad del kernel de Windows.' This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the cng.sys driver. The issue lies in a series of IOCTLs that return pointers to functions within the driver. • https://www.exploit-db.com/exploits/37052 http://www.securityfocus.com/bid/74488 http://www.securitytracker.com/id/1032292 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-052 • CWE-254: 7PK - Security Features •
CVE-2015-1678 – Microsoft Windows NtUserGetComboBoxInfo Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1678
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a usuarios locales evadir el mecanismo de protección ASLR a través de una llamada 'function' manipulada, también conocido como 'vulnerabilidad de la divulgación de la memoria del kernel de Microsoft Windows,' una vulnerabilidad diferente a CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, y CVE-2015-1680. This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserGetComboBoxInfo function. The issue lies in the failure to sanitize a buffer before returning its contents resulting in the leak of a kernel address. • https://www.exploit-db.com/exploits/37049 http://www.securityfocus.com/bid/74495 http://www.securitytracker.com/id/1032294 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1676 – Microsoft Windows NtUserGetTitleBarInfo Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1676
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a usuarios locales evadir el mecanismo de protección ASLR a través de una llamada 'function' manipulada, también conocido como 'vulnerabilidad de la divulgación de la memoria del kernel de Microsoft Windows,' una vulnerabilidad diferente a CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, y CVE-2015-1680. This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserGetTitleBarInfo function. The issue lies in the failure to sanitize a buffer before returning its contents resulting in the leak of a kernel address. • https://www.exploit-db.com/exploits/37049 http://www.securityfocus.com/bid/74483 http://www.securitytracker.com/id/1032294 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1681 – Microsoft Windows .MSC Stack Buffer Overflow Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2015-1681
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service via a crafted .msc file, aka "Microsoft Management Console File Format Denial of Service Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a usuarios locales causar una denegación de servicio a través de un fichero .msc manipulado, también conocido como 'vulnerabilidad de la denegación de servicio del formato de ficheros de Microsoft Management Console.' This vulnerability allows an attacker to cause a denial of service condition on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit open a malicious directory or device. The specific flaw exists within the handling of Microsoft Management Console Snap-in Control files (.msc files). These files can contain encoded icons for display in the Windows shell or common file dialogs. • http://www.securityfocus.com/bid/74486 http://www.securitytracker.com/id/1032286 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •