Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0076

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-0076
Last Modified 10 Sep 2015 12:00:43
Published 11 Mar 2015 06:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-0076

Summary

The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "JPEG XR Parser Information Disclosure Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server

  • Microsoft Windows 7

  • Microsoft Windows 8 -

  • Microsoft Windows 8.1 -

  • Microsoft Windows Rt -

  • Microsoft Windows Rt 8.1 -

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Server 2012 -

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Vista


References

MS - MS15-029

SECTRACK - 1031894

BID - 72918

Related Patches

MS15-029 Security Update for Windows Server 2008 (KB3035126)

MS15-029 Security Update for Windows Vista (KB3035126)

MS15-029 Security Update for Windows Vista x64 (KB3035126)

MS15-029 Security Update for Windows Server 2008 x64 (KB3035126)


Last Updated: 27 May 2016 11:08:02