SB2015060901 - Multiple vulnerabilities in Microsoft Windows
Published: June 9, 2015 Updated: February 2, 2017
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2015-2360)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a boundary error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
Note: the vulnerability was being actively exploited.
2) Memory corruption (CVE-ID: CVE-2015-1768)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a boundary error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2015-1727)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a buffer overflow. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
4) “Use-after-free” error (CVE-ID: CVE-2015-1726)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a use-after-free error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2015-1725)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a buffer overflow. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
6) “Use-after-free” error (CVE-ID: CVE-2015-1724)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a use-after-free error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
7) “Use-after-free” error (CVE-ID: CVE-2015-1723)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a use-after-free error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
8) “Use-after-free” error (CVE-ID: CVE-2015-1722)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a use-after-free error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
9) Null pointer dereference (CVE-ID: CVE-2015-1721)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a null pointer dereference. A local attacker can run a specially crafted program to gain administrative privileges and execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
10) “Use-after-free” error (CVE-ID: CVE-2015-1720)
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The weakness exists due to a use-after-free error. A local attacker can run a specially crafted program to trigger memory corruption, gain administrative privileges and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
11) Memory corruption (CVE-ID: CVE-2015-1719)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper handling of buffer elements. A local attacker can run a specially crafted program to request specific memory content and read important data.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Remediation
Install the update from the vendor's website.