ID CVE-2015-2366 Type cve Reporter NVD Modified 2018-10-12T18:09:14
Description
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Published 2015-07-14T18:59:02 Last seen 2018-10-13T11:06:58
CVSS
7.2 (AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/)
Source
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2366
References
http://www.securitytracker.com/id/1032904
https://www.exploit-db.com/exploits/38266/
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-073
Affected CPEs
cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~
cpe:/o:microsoft:windows_rt_8.1:-
cpe:/o:microsoft:windows_server_2008:r2:sp1
cpe:/o:microsoft:windows_8:-
cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~
cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~
cpe:/o:microsoft:windows_server_2012:-
cpe:/o:microsoft:windows_8.1:-
cpe:/o:microsoft:windows_rt:-
cpe:/o:microsoft:windows_7:-:sp1
Related bulletins
symantec: SMNTC-75657
exploitdb: EDB-ID:38266
openvas: OPENVAS:1361412562310805074
nessus: SMB_NT_MS15-073.NASL
kaspersky: KLA10631
securityvulns: SECURITYVULNS:VULN:14594
{"symantec": [{"lastseen": "2018-03-11T18:49:02", "bulletinFamily": "software", "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges.\n\n### Technologies Affected\n\n * Avaya CallPilot 4.0 \n * Avaya CallPilot 4.0.1 \n * Avaya CallPilot 5.0 \n * Avaya CallPilot 5.0.1 \n * Avaya CallPilot 5.1.0 \n * Avaya Meeting Exchange - Client Registration Server 5.0 \n * Avaya Meeting Exchange - Client Registration Server 5.0.1 \n * Avaya Meeting Exchange - Client Registration Server 5.2 \n * Avaya Meeting Exchange - Client Registration Server 5.2.1 \n * Avaya Meeting Exchange - Client Registration Server 6.0 \n * Avaya Meeting Exchange - Client Registration Server 6.2 \n * Avaya Meeting Exchange - Recording Server 5.0 \n * Avaya Meeting Exchange - Recording Server 5.0.1 \n * Avaya Meeting Exchange - Recording Server 5.2 \n * Avaya Meeting Exchange - Recording Server 5.2.1 \n * Avaya Meeting Exchange - Recording Server 6.0 \n * Avaya Meeting Exchange - Recording Server 6.2 \n * Avaya Meeting Exchange - Streaming Server 5.0 \n * Avaya Meeting Exchange - Streaming Server 5.0.1 \n * Avaya Meeting Exchange - Streaming Server 5.2 \n * Avaya Meeting Exchange - Streaming Server 5.2.1 \n * Avaya Meeting Exchange - Streaming Server 6.0 \n * Avaya Meeting Exchange - Streaming Server 6.2 \n * Avaya Meeting Exchange - Web Conferencing Server 5.0 \n * Avaya Meeting Exchange - Web Conferencing Server 5.0.1 \n * Avaya Meeting Exchange - Web Conferencing Server 5.2 \n * Avaya Meeting Exchange - Web Conferencing Server 5.2.1 \n * Avaya Meeting Exchange - Web Conferencing Server 6.0 \n * Avaya Meeting Exchange - Web Conferencing Server 6.2 \n * Avaya Meeting Exchange - Webportal 5.0 \n * Avaya Meeting Exchange - Webportal 5.0.1 \n * Avaya Meeting Exchange - Webportal 5.2 \n * Avaya Meeting Exchange - Webportal 5.2.1 \n * Avaya Meeting 
Exchange - Webportal 6.0 \n * Avaya Meeting Exchange - Webportal 6.2 \n * Avaya Messaging Application Server 5.0 \n * Avaya Messaging Application Server 5.0.1 \n * Avaya Messaging Application Server 5.2 \n * Avaya Messaging Application Server 5.2.1 \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows RT \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-07-14T00:00:00", "published": "2015-07-14T00:00:00", "id": "SMNTC-75657", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/75657", "type": "symantec", "title": "Microsoft Windows Kernel 'Win32k.sys' CVE-2015-2366 Local Privilege Escalation Vulnerability", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-04T07:41:39", "bulletinFamily": "exploit", "description": "Windows Kernel - DeferWindowPos Use-After-Free (MS15-073). CVE-2015-2366. 
Dos exploit for win32 platform", "modified": "2015-09-22T00:00:00", "published": "2015-09-22T00:00:00", "id": "EDB-ID:38266", "href": "https://www.exploit-db.com/exploits/38266/", "type": "exploitdb", "title": "Windows Kernel - DeferWindowPos Use-After-Free MS15-073", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=339\r\n\r\nThe attached PoC demonstrate a use-after-free condition that occurs when operating on a DeferWindowPos object from multiple threads. The DeferWindowPos() call will trigger and block on the execution of a window procedure in a separate thread from which we call EndDeferWindowPos on the same handle. specialpool.txt contains the debugger output with Session Pool enabled, crash.txt the debugger output without Session Pool.\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38266.zip\r\n\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/38266/"}], "openvas": [{"lastseen": "2018-10-22T16:39:03", "bulletinFamily": "scanner", "description": "This host is missing an important security\n update according to Microsoft Bulletin MS15-073.", "modified": "2018-10-12T00:00:00", "published": "2015-07-15T00:00:00", "id": "OPENVAS:1361412562310805074", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805074", "title": "MS Windows Kernel-Mode Driver Privilege Elevation Vulnerabilities (3070102)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms15-073.nasl 11876 2018-10-12 12:20:01Z cfischer $\n#\n# MS Windows Kernel-Mode Driver Privilege Elevation Vulnerabilities (3070102)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805074\");\n script_version(\"$Revision: 11876 $\");\n script_cve_id(\"CVE-2015-2363\", \"CVE-2015-2365\", \"CVE-2015-2366\", \"CVE-2015-2367\",\n \"CVE-2015-2381\", \"CVE-2015-2382\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:20:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-15 08:32:59 +0530 (Wed, 15 Jul 2015)\");\n script_name(\"MS Windows Kernel-Mode Driver Privilege Elevation Vulnerabilities (3070102)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS15-073.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An improper handling of buffer elements by windows kernel-mode driver under\n certain conditions.\n\n - An improper freeing of an object in memory by windows kernel-mode driver.\n\n - Improper handling of buffer elements by windows kernel-mode driver under\n certain 
conditions.\n\n - Improper freeing of an object in memory by windows kernel-mode driver.\n\n - Insufficient validation of certain data passed from user mode by the windows\n kernel-mode driver.\n\n - Windows kernel-mode driver when it accesses an object in memory that has\n either not been correctly initialized or deleted.\n\n - Windows kernel-mode driver when it improperly validates user input.\n\n - Windows kernel-mode driver 'Win32k.sys' fails to properly free memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass security, gain elevated privileges and execute arbitrary\n code on affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 8 x32/x64\n\n Microsoft Windows Server 2012/R2\n\n Microsoft Windows 8.1 x32/x64 Edition\n\n Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior\n\n Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior\n\n Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior\n\n Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior\n\n Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the\n listed hotfixes or download and install the hotfixes from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3070102\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS15-073\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_xref(name:\"URL\", 
value:\"https://technet.microsoft.com/en-us/library/security/ms15-073\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2003:3, win2003x64:3, winVista:3, win7:2, win7x64:2,\n win2008:3, win2008r2:2, win8:1, win8x64:1, win2012:1,\n win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Win32k.sys\");\nif(!dllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win2003:3, win2003x64:3) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"5.2.3790.5667\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\n## Currently not supporting for Vista and Windows Server 2008 64 bit\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.19429\") ||\n version_in_range(version:dllVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.23734\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.1.7601.18906\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7601.22000\", test_version2:\"6.1.7601.23108\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nif(hotfix_check_sp(win8:1, win8x64:1, win2012:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.2.9200.17419\") ||\n version_in_range(version:dllVer, test_version:\"6.2.9200.20000\", test_version2:\"6.2.9200.21527\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\n## Win 8.1 and win2012R2\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n 
if(version_is_less(version:dllVer, test_version:\"6.3.9600.17915\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:24:34", "bulletinFamily": "scanner", "description": "The remote Windows host is affected by multiple vulnerabilities :\n\n - Multiple privilege escalation vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, with a specially crafted application, to elevate privileges to full administrative rights.\n (CVE-2015-2363, CVE-2015-2365, CVE-2015-2366)\n\n - An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of non-initialized values in memory. An attacker can exploit this vulnerability, with a specially crafted application, to leak memory addresses or other sensitive kernel information that can be used for further exploitation of the system. (CVE-2015-2367)\n\n - An information disclosure vulnerability exists in the Windows kernel-mode driver due to improper handling of private address information during a function call. An attacker can exploit this vulnerability, with a specially crafted application, to request the contents of specific memory addresses. 
(CVE-2015-2381, CVE-2015-2382)", "modified": "2018-11-15T00:00:00", "id": "SMB_NT_MS15-073.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84747", "published": "2015-07-14T00:00:00", "title": "MS15-073: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84747);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2015-2363\",\n \"CVE-2015-2365\",\n \"CVE-2015-2366\",\n \"CVE-2015-2367\",\n \"CVE-2015-2381\",\n \"CVE-2015-2382\"\n );\n #script_bugtraq_id();\n script_xref(name:\"MSFT\", value:\"MS15-073\");\n script_xref(name:\"MSKB\", value:\"3070102\");\n script_xref(name:\"IAVA\", value:\"2015-A-0162\");\n\n script_name(english:\"MS15-073: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)\");\n script_summary(english:\"Checks the file version of Win32k.sys.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by multiple vulnerabilities :\n\n - Multiple privilege escalation vulnerabilities exist in\n the Windows kernel-mode driver due to improper handling\n of objects in memory. A local attacker can exploit these\n vulnerabilities, with a specially crafted application,\n to elevate privileges to full administrative rights.\n (CVE-2015-2363, CVE-2015-2365, CVE-2015-2366)\n\n - An information disclosure vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n non-initialized values in memory. 
An attacker can\n exploit this vulnerability, with a specially crafted\n application, to leak memory addresses or other sensitive\n kernel information that can be used for further\n exploitation of the system. (CVE-2015-2367)\n\n - An information disclosure vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n private address information during a function call. An\n attacker can exploit this vulnerability, with a\n specially crafted application, to request the contents\n of specific memory addresses. (CVE-2015-2381,\n CVE-2015-2382)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-073\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2003, Vista, 2008,\n7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, and 2012 R2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n 
script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-073';\nkb = '3070102';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n# Some of the 2k3 checks could flag XP 64, which is unsupported\nif (\"Windows XP\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"Win32k.sys\", version:\"6.3.9600.17915\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 8 / Windows Server 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"Win32k.sys\", version:\"6.2.9200.21528\", min_version:\"6.2.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"Win32k.sys\", version:\"6.2.9200.17419\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows 7 / Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", version:\"6.1.7601.23109\", min_version:\"6.1.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"Win32k.sys\", 
version:\"6.1.7601.18906\", min_version:\"6.1.7600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Vista / Windows Server 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.23735\", min_version:\"6.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Win32k.sys\", version:\"6.0.6002.19429\", min_version:\"6.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n # Windows Server 2003\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Win32k.sys\", version:\"5.2.3790.5667\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-19T17:03:30", "bulletinFamily": "info", "description": "### *Detect date*:\n07/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft products. 
Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Windows Server 2003 Service Pack 2 \nMicrosoft Windows Server 2003 R2 Service Pack 2 \nWindows Vista x86, x64 Service Pack 2 \nMicrosoft Windows 7 x86, x64 Service Pack 1 \nMicrosoft Windows Server 2008 x64 Service Pack 1 \nMicrosoft Windows Server 2008 R2 x64 Service Pack 1 \nMicrosoft Windows 8 x86, x64 \nMicrosoft Windows 8.1 x86, x64 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2 \nMicrosoft Windows RT 8.1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-2416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2416>) \n[CVE-2015-2364](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2364>) \n[CVE-2015-2371](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2371>) \n[CVE-2015-2417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2417>) \n[CVE-2015-2363](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2363>) \n[CVE-2015-2373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2373>) \n[CVE-2015-2387](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2387>) \n[CVE-2015-2382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2382>) \n[CVE-2015-2361](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2361>) \n[CVE-2015-2370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2370>) \n[CVE-2015-2366](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2366>) 
\n[CVE-2015-2367](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2367>) \n[CVE-2015-2368](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2368>) \n[CVE-2015-2369](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2369>) \n[CVE-2015-2362](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2362>) \n[CVE-2015-2374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2374>) \n[CVE-2015-2381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2381>) \n[CVE-2015-2365](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2365>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2015-2416](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2416>) \n[CVE-2015-2364](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2364>) \n[CVE-2015-2371](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2371>) \n[CVE-2015-2417](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2417>) \n[CVE-2015-2363](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2363>) \n[CVE-2015-2373](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373>) \n[CVE-2015-2387](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387>) \n[CVE-2015-2382](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2382>) \n[CVE-2015-2361](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2361>) \n[CVE-2015-2370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2370>) \n[CVE-2015-2366](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2366>) \n[CVE-2015-2367](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2367>) \n[CVE-2015-2368](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2368>) 
\n[CVE-2015-2369](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2369>) \n[CVE-2015-2362](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2362>) \n[CVE-2015-2374](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2374>) \n[CVE-2015-2381](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2381>) \n[CVE-2015-2365](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2365>)\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3072631](<http://support.microsoft.com/kb/3072631>) \n[3068457](<http://support.microsoft.com/kb/3068457>) \n[3046339](<http://support.microsoft.com/kb/3046339>) \n[3069392](<http://support.microsoft.com/kb/3069392>) \n[3072630](<http://support.microsoft.com/kb/3072630>) \n[3067505](<http://support.microsoft.com/kb/3067505>) \n[3073094](<http://support.microsoft.com/kb/3073094>) \n[3077657](<http://support.microsoft.com/kb/3077657>) \n[3067904](<http://support.microsoft.com/kb/3067904>) \n[3072000](<http://support.microsoft.com/kb/3072000>) \n[3046359](<http://support.microsoft.com/kb/3046359>) \n[3061512](<http://support.microsoft.com/kb/3061512>) \n[3069762](<http://support.microsoft.com/kb/3069762>) \n[3072633](<http://support.microsoft.com/kb/3072633>) \n[3067903](<http://support.microsoft.com/kb/3067903>) \n[3070738](<http://support.microsoft.com/kb/3070738>) \n[3070102](<http://support.microsoft.com/kb/3070102>)", "modified": "2019-02-15T00:00:00", "published": "2015-07-14T00:00:00", "id": "KLA10631", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10631", "title": "KLA10631 Multiple vulnerabilities in Microsoft Windows", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Internet Explorer and VBScript multiple security vulnerabilities, RDP code execution, Hyper-V code execution, multiple privilege escalations.", 
"modified": "2015-07-19T00:00:00", "published": "2015-07-19T00:00:00", "id": "SECURITYVULNS:VULN:14594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14594", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}