CVE-2015-0073

2015-03-1110:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-0073

windows

registry

virtualization

elevation of privilege

vulnerability

6.3 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

15.1%

JSON

The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka “Registry Virtualization Elevation of Privilege Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_rtmicrosoft windows rteq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_vistamicrosoft windows vistaeq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_server_2012microsoft windows server 2012eq-

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_rt	microsoft windows rt	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_vista	microsoft windows vista	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-