CVE-2015-1674

2015-05-1310:59:06

CWE-254

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

Low

EPSS

0.002

Percentile

53.2%

JSON

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka “Windows Kernel Security Feature Bypass Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_rtMatch-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

VendorProductVersionCPE
microsoftwindows_8-cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
microsoftwindows_8.1-cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
microsoftwindows_rt-cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
microsoftwindows_rt_8.1-cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
microsoftwindows_server_2012-cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
microsoftwindows_server_2012r2cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_8	-	cpe:2.3:o:microsoft:windows_8:-:::::::*
microsoft	windows_8.1	-	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
microsoft	windows_rt	-	cpe:2.3:o:microsoft:windows_rt:-:::::::*
microsoft	windows_rt_8.1	-	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
microsoft	windows_server_2012	-	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
microsoft	windows_server_2012	r2	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*