CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 3CVE-2015-0057 – Microsoft Windows - Local Privilege Escalation (MS15-010)
https://notcve.org/view.php?id=CVE-2015-0057
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la elevación de privilegios de Win32k.' • https://www.exploit-db.com/exploits/37098 https://www.exploit-db.com/exploits/39035 https://github.com/55-AA/CVE-2015-0057 http://www.securityfocus.com/bid/72466 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/100431 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 1%CPEs: 12EXPL: 1CVE-2015-0003 – Microsoft Windows WM_SYSTIMER Kernel Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-0003
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores del modo kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a usuarios locales ganar privilegios o causar una denegación de servicio (referencia a puntero nulo) a través de un aplicación manipulada, también conocido como 'vulnerabilidad de la elevación de privilegios de Win32k.' This vulnerability allows local attackers to elevate to System privileges on vulnerable installations of Microsoft Windows. This vulnerability requires the ability to run arbitrary unprivileged code. The specific flaw exists within the handling of the WM_SYSTIMER message. By malforming the window handle in the message, an attacker is able to cause the kernel to write to a controlled address. An attacker could leverage this to execute arbitrary code in the context of the System. • https://www.exploit-db.com/exploits/37098 http://www.securityfocus.com/bid/72457 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/100430 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2015-0058 – Microsoft Windows win32k.sys Dangling Pointer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-0058
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability." Vulnerabilidad de doble liberación en win32k.sys en los controladores del modo de kernel en Microsoft Windows 8.1, Windows Server 2012 R2, y Windows RT 8.1 permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la doble liberación del objeto del cursor de Windows.' This vulnerability allows for elevation of privilege on vulnerable installations of Microsoft Windows. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The specific flaw exists within the usage of Cursor objects. The issue lies in the failure to properly handle error conditions leading to a pointer not being reset. • https://www.exploit-db.com/exploits/37098 http://www.securityfocus.com/bid/72468 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/100432 • CWE-415: Double Free •
CVSS: 10.0EPSS: 97%CPEs: 23EXPL: 4CVE-2015-0313 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-0313
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 13.0.0.269 y 14.x hasta la versión 16.x en versiones anteriores a 16.0.0.305 en Windows y OS X y en versiones anteriores a 11.2.202.442 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en febrero de 2015, una vulnerabilidad diferente a CVE-2015-0315, CVE-2015-0320 y CVE-2015-0322. Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36579 https://www.exploit-db.com/exploits/36491 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html http://secunia& • CWE-416: Use After Free •
CVSS: 10.0EPSS: 97%CPEs: 20EXPL: 3CVE-2015-0311 – Adobe Flash Player Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0311
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Vulnerabilidad no especificada en Adobe Flash Player hasta 13.0.0.262 y 14.x, 15.x, y 16.x hasta 16.0.0.287 en Windows y OS X y hasta 11.2.202.438 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, tal y como fue utilizado activamente en enero del 2015. Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36360 https://github.com/jr64/CVE-2015-0311 http://helpx.adobe.com/security/products/flash-player/apsa15-01.html http://helpx.adobe.com/security/products/flash-player/apsb15-03.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html http://secunia.com/advisories/62432 http: •