CVE-2015-2381

2015-07-1422:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-2381

win32k.sys

kernel-mode

microsoft windows

information disclosure

vulnerability

5.3 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

14.6%

JSON

win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka “Win32k Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-2382.

CPENameOperatorVersion
microsoft:windows_rtmicrosoft windows rteq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_rt	microsoft windows rt	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2