CVE-2015-1674

Sažetak

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."

Reference

http://www.securityfocus.com/bid/74488
http://www.securitytracker.com/id/1032292
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-052
https://www.exploit-db.com/exploits/37052/

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

14-05-2019 - 20:30

Objavljeno

13-05-2015 - 10:59