CVE-2015-0001

2015-01-1322:59:00

CWE-264

[email protected]

web.nvd.nist.gov

windows

error reporting

wer

microsoft

security

vulnerability

bypass

nvd

cve-2015-0001

6.3 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

15.6%

JSON

The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka “Windows Error Reporting Security Feature Bypass Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_rtMatch-gold

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2012Match-gold

microsoftwindows_server_2012Matchr2x64

CPENameOperatorVersion
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_rtmicrosoft windows rteq-
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_rt	microsoft windows rt	eq	-
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2