SB2015120801 - Multiple vulnerabilities in Microsoft Windows

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015120801

SB2015120801 - Multiple vulnerabilities in Microsoft Windows

Published: December 8, 2015 Updated: March 24, 2017

Security Bulletin ID SB2015120801
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2015-6175)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.

Note: the vulnerability was being actively exploited.


2) Memory corruption (CVE-ID: CVE-2015-6174)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.


3) Memory corruption (CVE-ID: CVE-2015-6173)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.


4) Memory corruption (CVE-ID: CVE-2015-6171)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to boundary error when handling of objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.


Remediation

Install update from vendor's website.

References