CVE-2015-6098

2015-11-1112:59:37

CWE-264

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-6098

network driver interface standard

ndis

buffer overflow

microsoft windows vista

windows server 2008

windows 7

elevation of privilege

vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

High

0.668 Medium

EPSS

Percentile

98.0%

JSON

Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka “Windows NDIS Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-sp1

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_vistaMatch-sp2

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_vistamicrosoft windows vistaeq-

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_vista	microsoft windows vista	eq	-