Lucene search

K

[email protected]NVD:CVE-2015-0062

HistoryFeb 11, 2015 - 3:01 a.m.

CVE-2015-0062

2015-02-1103:01:05

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0

Percentile

10.5%

Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka “Windows Create Process Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-sp1

OR

microsoftwindows_8Match-

OR

microsoftwindows_8.1Match-

OR

microsoftwindows_rtMatch-

OR

microsoftwindows_rt_8.1Match-

OR

microsoftwindows_server_2008Matchr2sp1itanium

OR

microsoftwindows_server_2008Matchr2sp1x64

OR

microsoftwindows_server_2012Match-

OR

microsoftwindows_server_2012Matchr2

References

secunia.com/advisories/62840

www.securityfocus.com/bid/72458

www.securitytracker.com/id/1031724

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-015

exchange.xforce.ibmcloud.com/vulnerabilities/100437

exchange.xforce.ibmcloud.com/vulnerabilities/100438

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0

Percentile

10.5%

Related for NVD:CVE-2015-0062

symantec1 cvelist1 prion1 cve1 openvas1 nessus1 talosblog1 kaspersky1 securityvulns1