Lucene search

[email protected]CVE-2015-2479

HistoryAug 15, 2015 - 12:59 a.m.

CVE-2015-2479

2015-08-1500:59:37

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-2479

ryujit

optimization

elevation of privilege

vulnerability

.net framework 4.6

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.226 Low

EPSS

Percentile

96.5%

JSON

The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka “RyuJIT Optimization Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2480 and CVE-2015-2481.

Affected configurations

NVD

Node

microsoft.net_frameworkMatch4.6

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.6

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.6

References

www.securitytracker.com/id/1033253

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-092

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.226 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2015-2479

cve2 nessus1 nvd3 mskb1 cvelist3 prion3 kaspersky1 openvas1 symantec3 securityvulns1