9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
6.7 Medium
AI Score
Confidence
Low
0.226 Low
EPSS
Percentile
96.5%
An improper optimization at RyuJIT were found in Microsoft .NET Framework. By exploiting these vulnerabilities malicious users can gain privileges. These vulnerabilities can be exploited remotely via a specially designed .NET application.
Technical details
This vulnerability caused by improper parameters optimization resulting in a code generation error. To exploit these vulnerabilities malicious must lead affected user to start specially designed .NET application. you can read temporary workaround in Microsoft advisory listed.
CVE-2015-2481 critical
CVE-2015-2480 critical
CVE-2015-2479 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/3081436
support.microsoft.com/kb/3083184
support.microsoft.com/kb/3083185
support.microsoft.com/kb/3083186
support.microsoft.com/kb/3086251
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2479
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2480
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2481
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/