Kaspersky LabKLA10549KLA10549 Code execution vulnerability in Microsoft GC
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.4 High
AI Score
Confidence
Low
0.762 High
EPSS
Percentile
98.2%
An unspecified vulnerability was found in Microsoft products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed EMF image.
Original advisories
Related products
CVE list
CVE-2015-1645 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Windows Server 2003 x86, x64, Itanium Service Pack 2Windows Vista x86, x64 Service Pack 2Windows Server 2008 x86, x64, Itanium Service Pack 2Windows 7 x86, x64 Service Pack 1Windows Servier 2008 R2 x64, Itanium Service Pack 1
References
support.microsoft.com/kb/3046306
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1645
statistics.securelist.com/
technet.microsoft.com/en-us/library/security/ms15-035
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.4 High
AI Score
Confidence
Low
0.762 High
EPSS
Percentile
98.2%