CVSS: 5.0EPSS: 5%CPEs: 12EXPL: 0CVE-2015-0087
https://notcve.org/view.php?id=CVE-2015-0087
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly bypass the KASLR protection mechanism, via a crafted font, aka "Adobe Font Driver Information Disclosure Vulnerability," a different vulnerability than CVE-2015-0089. Adobe Font Driver en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos obtener información sensible de la memoria del kernel, y posiblemente evadir el mecanismo de protección KASLR, a través de una fuente manipulada, también conocido como 'vulnerabilidad de la divulgación de información de Adobe Font Driver,' una vulnerabilidad diferente a CVE-2015-0089. • http://www.securityfocus.com/bid/72893 http://www.securitytracker.com/id/1031889 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2015-0074
https://notcve.org/view.php?id=CVE-2015-0074
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly allocate memory, which allows remote attackers to cause a denial of service via a crafted (1) web site or (2) file, aka "Adobe Font Driver Denial of Service Vulnerability." Adobe Font Driver en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no reserva correctamente memoria, lo que permite a atacantes remotos causar una denegación de servicio a través de un (1) sitio web o (2) fichero manipulado, también conocido como 'vulnerabilidad de la denegación de servicio de Adobe Font Driver.' • http://www.securityfocus.com/bid/72892 http://www.securitytracker.com/id/1031889 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-021 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 97%CPEs: 12EXPL: 3CVE-2015-0096 – Microsoft Windows .LNK DLL Planting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0096
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability." Vulnerabilidad de ruta de búsqueda no confiable en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a usuarios locales ganar privilegios a través de un DLL troyano en el directorio de trabajos actuales, que conduce a una carga de DLL durante el acceso de Windows Explorer al icono de un atajo manipulado, también conocido como 'vulnerabilidad de la ejecución remoto de la implantación de DLL.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious directory or device. The specific flaw exists within the handling of LNK files by the Windows shell. By providing a pair of crafted files, an attacker is able to force the Explorer process to load an arbitrary DLL when displaying file icons in the directory view. • https://www.exploit-db.com/exploits/14403 http://www.securityfocus.com/bid/72894 http://www.securitytracker.com/id/1031890 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-020 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Full-details-on-CVE-2015-0096-and-the-failed-MS10-046-Stuxnet/ba-p/6718459#.VQBOymTF9so https://github.com/rapid7/metasploit-framework/pull/4911 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows&# • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 7%CPEs: 12EXPL: 1CVE-2015-0081 – Microsoft Windows Text Services Out-Of-Bounds Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0081
Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability." Windows Text Services (WTS) en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos ejecutar código arbitrario a través de un (1) sitio web o (2) fichero manipulado, también conocido como 'vulnerabilidad de la ejecución de código remoto de WTS.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Windows Text Services processes certain objects. By opening a malformed document, an attacker can force MSCFT.dll to access memory outside the bounds of an array. • https://www.exploit-db.com/exploits/36336 http://www.securityfocus.com/bid/72886 http://www.securitytracker.com/id/1031890 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-020 • CWE-19: Data Processing Errors •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2015-0094 – Microsoft Windows NtUserfnINOUTNCCALCSIZE Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2015-0094
The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability." Los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 no restringe correctamente la disponibilidad de la información de direcciones durante la llamada a una función, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la divulgación de la memoria del kernel de Microsoft Windows.' This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of NtUserfnINOUTNCCALCSIZE function. The issue lies in the failure to sanitize a buffer before calling a userland function resulting in the leak of an address on the kernel trap frame. • http://www.securitytracker.com/id/1031897 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •