CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 1CVE-2015-1677 – Microsoft Windows NtUserGetScrollBarInfo Stack Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-1677
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680. Los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permiten a usuarios locales evadir el mecanismo de protección ASLR a través de una llamada 'function' manipulada, también conocido como 'vulnerabilidad de la divulgación de la memoria del kernel de Microsoft Windows,' una vulnerabilidad diferente a CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, y CVE-2015-1680. This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the NtUserGetScrollBarInfo function. The issue lies in the failure to sanitize a buffer before returning its contents resulting in the leak of a kernel address. • https://www.exploit-db.com/exploits/37049 http://www.securityfocus.com/bid/74494 http://www.securitytracker.com/id/1032294 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2015-1643
https://notcve.org/view.php?id=CVE-2015-1643
Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability." Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no limitan correctamente los niveles de suplantación, lo que permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la confusión de tipos de NtCreateTransactionManager.' • http://www.securitytracker.com/id/1032113 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2015-1644
https://notcve.org/view.php?id=CVE-2015-1644
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability." Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no limitan correctamente los niveles de suplantación, lo que permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'vulnerabilidad del nombre del dispositivo de Windows MS-DOS.' • http://www.securityfocus.com/bid/73998 http://www.securitytracker.com/id/1032113 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-038 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 12%CPEs: 12EXPL: 0CVE-2015-0091
https://notcve.org/view.php?id=CVE-2015-0091
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, and CVE-2015-0093. Adobe Font Driver en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos ejecutar código arbitrario a través de un (1) sitio web o (2) fichero manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de Adobe Font Driver,' una vulnerabilidad diferente a CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, y CVE-2015-0093. • http://www.securityfocus.com/bid/72905 http://www.securitytracker.com/id/1031889 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 5%CPEs: 12EXPL: 0CVE-2015-0089
https://notcve.org/view.php?id=CVE-2015-0089
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0087. Adobe Font Driver en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos obtener información sensible de la memoria del kernel, y posiblemente evadir el mecanismo de protección KASLR, a través de una fuente manipulada, también conocido como 'vulnerabilidad de la divulgación de información de Adobe Font Driver,' una vulnerabilidad diferente a CVE-2015-0087. • http://www.securityfocus.com/bid/72896 http://www.securitytracker.com/id/1031889 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •