#VU5668 Security bypass in Windows and Windows Server - CVE-2015-2433
Published: February 8, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU5668
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2015-2433
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerabiity allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to improper initialization of a memory address by Windows kernel. A local attacker can create a specially crafted application, execute it on the system, bypass Kernel Address Space Layout Randomization (KASLR) and obtain arbitrary information.
Successful exploitation of this vulnerability results in disclosure of sensitive information.
The weakness exists due to improper initialization of a memory address by Windows kernel. A local attacker can create a specially crafted application, execute it on the system, bypass Kernel Address Space Layout Randomization (KASLR) and obtain arbitrary information.
Successful exploitation of this vulnerability results in disclosure of sensitive information.
Remediation
Install update from vendor's website.