Lucene search

[email protected]CVE-2015-2480

HistoryAug 15, 2015 - 12:59 a.m.

CVE-2015-2480

2015-08-1500:59:39

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-2480

ryujit

.net framework

remote code execution

microsoft

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.226 Low

EPSS

Percentile

96.5%

JSON

The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka “RyuJIT Optimization Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-2479 and CVE-2015-2481.

Affected configurations

NVD

Node

microsoft.net_frameworkMatch4.6

CPENameOperatorVersion
microsoft:.net_frameworkmicrosoft .net frameworkeq4.6

CPE	Name	Operator	Version
microsoft:.net_framework	microsoft .net framework	eq	4.6

References

www.securitytracker.com/id/1033253

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-092

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.226 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2015-2480

prion3 nvd3 cve2 nessus1 mskb1 cvelist3 kaspersky1 openvas1 symantec3 securityvulns1