Lucene search
Lokihardt@ASRTZDI-15-189HistoryMay 12, 2015 - 12:00 a.m.
(Pwn2Own) Microsoft Windows CNG Information Disclosure Vulnerability
2015-05-1200:00:00
lokihardt@ASRT
www.zerodayinitiative.com
23
EPSS
0.002
Percentile
53.2%
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the cng.sys driver. The issue lies in a series of IOCTLs that return pointers to functions within the driver. An attacker can leverage this together with another vulnerability to achieve code execution under the context of SYSTEM.
Related
cve
cve
CVE-2015-1674
2015-05-13 10:59:06
symantec
symantec
Microsoft Windows Kernel CVE-2015-1674 Local Security Bypass Vulnerability
2015-05-12 00:00:00
nessus
nessus
cvelist
cvelist
CVE-2015-1674
2015-05-13 10:00:00
exploitdb
exploitdb
nvd
nvd
CVE-2015-1674
2015-05-13 10:59:06
openvas
openvas
Microsoft Windows Kernel Security Feature Bypass Vulnerability (3050514)
2015-05-13 00:00:00
prion
prion
Security feature bypass
2015-05-13 10:59:00
mskb
mskb
kaspersky
kaspersky
KLA10580 Multiple vulnerabilities in Microsoft products
2015-05-12 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-05-13 00:00:00