CVE-2015-0078

2015-03-1110:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-0078

win32k.sys

microsoft windows

elevation of privilege

nvd

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

15.0%

JSON

win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate the token of a calling thread, which allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_rtmicrosoft windows rteq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_server_2012microsoft windows server 2012eq-

CPE	Name	Operator	Version
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_rt	microsoft windows rt	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-