Security bypass in Windows and Windows Server - CVE-2015-2433
Published: February 8, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU5668
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2015-2433
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerabiity allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to improper initialization of a memory address by Windows kernel. A local attacker can create a specially crafted application, execute it on the system, bypass Kernel Address Space Layout Randomization (KASLR) and obtain arbitrary information.
Successful exploitation of this vulnerability results in disclosure of sensitive information.
The weakness exists due to improper initialization of a memory address by Windows kernel. A local attacker can create a specially crafted application, execute it on the system, bypass Kernel Address Space Layout Randomization (KASLR) and obtain arbitrary information.
Successful exploitation of this vulnerability results in disclosure of sensitive information.
How to mitigate CVE-2015-2433
Install update from vendor's website.