Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0077

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2015-0077
Last Modified 28 Aug 2015 12:36:19
Published 11 Mar 2015 06:59:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-0077

Summary

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function buffers, which allows local users to obtain sensitive information from kernel memory, and possibly bypass the ASLR protection mechanism, via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server

  • Microsoft Windows 7

  • Microsoft Windows 8 -

  • Microsoft Windows 8.1 -

  • Microsoft Windows Rt -

  • Microsoft Windows Rt 8.1 -

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Server 2012 -

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Vista


References

MS - MS15-023

SECTRACK - 1031897

BID - 72897

Related Patches

MS15-023 Security Update for Windows Server 2003 (KB3034344)

MS15-023 Security Update for Windows Server 2008 (KB3034344)

MS15-023 Security Update for Windows Vista (KB3034344)

MS15-023 Security Update for Windows Vista x64 (KB3034344)

MS15-023 Security Update for Windows Server 2008 x64 (KB3034344)

MS15-023 Security Update for Windows Server 2003 x64 (KB3034344)

MS15-023 Security Update for WEPOS and POSReady 2009 (KB3034344)


Last Updated: 27 May 2016 11:08:02