Kaspersky LabKLA10577

HistoryMay 12, 2015 - 12:00 a.m.

KLA10577 Arbitrary code execution vulnerabilities in Windows Journal

2015-05-1200:00:00

Kaspersky Lab

threats.kaspersky.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.322 Low

EPSS

Percentile

97.0%

JSON

An unspecified vulnerabilities were found in Windows products. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed Journal file.

Original advisories

Related products

Microsoft-Windows-Vista-4

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

CVE list

CVE-2015-1697 critical

CVE-2015-1696 critical

CVE-2015-1675 critical

CVE-2015-1695 critical

CVE-2015-1699 critical

CVE-2015-1698 critical

KB list

3046002

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Windows Vista x86, x64 Service Pack 2Windows Server 2008 x86, x64 Service Pack 2Windows 7 x86, x64 Service Pack 1Windows Server 2008 R2 x64 Service Pack 1Windows 8, 8.1 x86, x64Windows Server 2012Windows Server 2012 R2Windows RTWindows RT 8.1