ID CVE-2015-6171 Type cve Reporter NVD Modified 2018-10-12T18:10:40
Description
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6173 and CVE-2015-6174.
{"id": "CVE-2015-6171", "bulletinFamily": "NVD", "title": "CVE-2015-6171", "description": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-6173 and CVE-2015-6174.", "published": "2015-12-09T06:59:52", "modified": "2018-10-12T18:10:40", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6171", "reporter": "NVD", "references": ["https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-135", "http://www.securitytracker.com/id/1034334"], "cvelist": ["CVE-2015-6171"], "type": "cve", "lastseen": "2018-10-13T11:07:00", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:microsoft:windows_8:-:-:x86", "cpe:/o:microsoft:windows_10:-::~~~~x64~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~", "cpe:/o:microsoft:windows_10:-::~~~~x86~", "cpe:/o:microsoft:windows_server_2008::sp2", "cpe:/o:microsoft:windows_7::sp1:x64", "cpe:/o:microsoft:windows_8:-:-:x64", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2:sp1", "cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7::sp1:x86", "cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~", "cpe:/o:microsoft:windows_10:1511::~~~~x64~", "cpe:/o:microsoft:windows_vista::sp2", "cpe:/o:microsoft:windows_rt:-", "cpe:/o:microsoft:windows_10:1511::~~~~x86~"], "cvelist": ["CVE-2015-6171"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-6173 and CVE-2015-6174.", "edition": 1, "hash": "2b4ee8c46d3d71deb5a9a6427235ee27d4075581f21383a77fdb063293ab24d4", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "1f4f33d1a04f96c6cde3f21949b44b59", "key": "modified"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "5c73651a54223b4335bcc966f49a8b5d", "key": "description"}, {"hash": "807954d18f0e4e979c66b737930bc412", "key": "title"}, {"hash": "b272f020d7e03ddb14df5084df1ab8a7", "key": "cvelist"}, {"hash": "2f021d11d4c3e20c8b5b0f31d7cd6e60", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "bf67f8771484a11b525ba4e90ac13537", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "cc331df2db13dd6da2a9fe4be9ca1804", "key": "href"}, {"hash": "3dab480ad5a922febe3d390f37fe4b74", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6171", "id": "CVE-2015-6171", "lastseen": "2016-09-03T23:02:32", "modified": "2015-12-09T13:07:05", "objectVersion": "1.2", "published": "2015-12-09T06:59:52", "references": ["http://technet.microsoft.com/security/bulletin/MS15-135"], "reporter": "NVD", "scanner": [], "title": "CVE-2015-6171", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T23:02:32"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:microsoft:windows_8:-:-:x86", "cpe:/o:microsoft:windows_10:-::~~~~x64~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~", "cpe:/o:microsoft:windows_10:-::~~~~x86~", "cpe:/o:microsoft:windows_server_2008::sp2", "cpe:/o:microsoft:windows_7::sp1:x64", "cpe:/o:microsoft:windows_8:-:-:x64", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2:sp1", "cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7::sp1:x86", "cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~", "cpe:/o:microsoft:windows_10:1511::~~~~x64~", "cpe:/o:microsoft:windows_vista::sp2", "cpe:/o:microsoft:windows_rt:-", "cpe:/o:microsoft:windows_10:1511::~~~~x86~"], "cvelist": ["CVE-2015-6171"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2015-6173 and CVE-2015-6174.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8b098955b58dcc0dc764d19b3cff944dcdb158817146b675c18cb84bc5fc549a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "5c73651a54223b4335bcc966f49a8b5d", "key": "description"}, {"hash": "807954d18f0e4e979c66b737930bc412", "key": "title"}, {"hash": "bf043a1e786ed5bab3af725e1a3af23d", "key": "references"}, {"hash": "b272f020d7e03ddb14df5084df1ab8a7", "key": "cvelist"}, {"hash": "6f13a4fe4c7e4e244526f99d7e427b64", "key": "modified"}, {"hash": "2f021d11d4c3e20c8b5b0f31d7cd6e60", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "bf67f8771484a11b525ba4e90ac13537", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "cc331df2db13dd6da2a9fe4be9ca1804", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6171", "id": "CVE-2015-6171", "lastseen": "2017-04-18T15:57:51", "modified": "2016-12-07T13:19:04", "objectVersion": "1.2", "published": "2015-12-09T06:59:52", "references": ["http://www.securitytracker.com/id/1034334", "http://technet.microsoft.com/security/bulletin/MS15-135"], "reporter": "NVD", "scanner": [], "title": "CVE-2015-6171", "type": "cve", "viewCount": 7}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:57:51"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2f021d11d4c3e20c8b5b0f31d7cd6e60"}, {"key": "cvelist", "hash": "b272f020d7e03ddb14df5084df1ab8a7"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "5c73651a54223b4335bcc966f49a8b5d"}, {"key": "href", "hash": "cc331df2db13dd6da2a9fe4be9ca1804"}, {"key": "modified", "hash": "42226e2b10adb16060ee892fb58b03b2"}, {"key": "published", "hash": "bf67f8771484a11b525ba4e90ac13537"}, {"key": "references", "hash": "d2535d32e24ee2e8e7124d072a839c63"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "807954d18f0e4e979c66b737930bc412"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b710073ddb62c3381ecc8b427620267609cabc3ddbbe6f022f6eb409b23b37db", "viewCount": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/o:microsoft:windows_8:-:-:x86", "cpe:/o:microsoft:windows_10:-::~~~~x64~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~", "cpe:/o:microsoft:windows_10:-::~~~~x86~", "cpe:/o:microsoft:windows_server_2008::sp2", "cpe:/o:microsoft:windows_7::sp1:x64", "cpe:/o:microsoft:windows_8:-:-:x64", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:r2:sp1", "cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~", "cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7::sp1:x86", "cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~", "cpe:/o:microsoft:windows_10:1511::~~~~x64~", "cpe:/o:microsoft:windows_vista::sp2", "cpe:/o:microsoft:windows_rt:-", "cpe:/o:microsoft:windows_10:1511::~~~~x86~"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"symantec": [{"lastseen": "2018-03-11T18:48:56", "references": [], "edition": 2, "description": "### Description\n\nMicrosoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows RT \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Vista Service Pack 2 \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nTo exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "reporter": "Symantec Security Response", "published": "2015-12-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "symantec", "title": "Microsoft Windows Kernel CVE-2015-6171 Local Privilege Escalation Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft Windows Vista x64 Edition Service Pack", "version": "2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2012 R2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "10 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "8 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 R2 for x64-based Systems SP1 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "8.1 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "8 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for 32-bit Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Service Pack", "version": "2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "10 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "10 version 1511 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2012 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "7 for 32-bit Systems SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for x64-based Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "10 version 1511 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "7 for x64-based Systems SP1 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "8.1 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for Itanium-based Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows RT", "version": "8.1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 R2 for Itanium-based Systems SP1 ", "operator": "eq"}], "cvelist": ["CVE-2015-6171"], "modified": "2015-12-08T00:00:00", "id": "SMNTC-78506", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/78506", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-04-07T23:42:55", "references": [], "edition": 2, "description": "Exploit for windows platform in category dos / poc", "reporter": "Nils Sommer", "published": "2015-12-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "zdt", "title": "Microsoft Windows Kernel win32k!OffsetChildren - Null Pointer Dereference", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-6171"], "modified": "2015-12-17T00:00:00", "id": "1337DAY-ID-25721", "href": "https://0day.today/exploit/description/25721", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=544\r\n \r\nThe attached PoC triggers a null pointer vulnerability in OffsetChildren on Windows 7 32-bit. By mapping the null page an attacker can leverage this vulnerability to write to an arbitrary address.\r\n---\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39025.zip\n\n# 0day.today [2018-04-07] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25721"}], "exploitdb": [{"lastseen": "2016-02-04T09:20:40", "osvdbidlist": ["131350"], "references": [], "description": "Windows Kernel win32k!OffsetChildren - Null Pointer Dereference. CVE-2015-6171. Dos exploit for windows platform", "edition": 1, "reporter": "Nils Sommer", "published": "2015-12-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Windows Kernel win32k!OffsetChildren - Null Pointer Dereference", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-6171"], "modified": "2015-12-17T00:00:00", "id": "EDB-ID:39025", "href": "https://www.exploit-db.com/exploits/39025/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=544\r\n\r\nThe attached PoC triggers a null pointer vulnerability in OffsetChildren on Windows 7 32-bit. By mapping the null page an attacker can leverage this vulnerability to write to an arbitrary address.\r\n---\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39025.zip\r\n\r\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39025/"}], "nessus": [{"lastseen": "2018-09-01T23:34:47", "references": ["https://technet.microsoft.com/library/security/MS15-135"], "pluginID": "87264", "description": "The remote Windows host is affected by multiple elevation of privilege vulnerabilities due to improper handling of objects in memory by the Windows kernel. An authenticated, remote attacker can exploit these vulnerabilities by running a specially crafted application, resulting in an elevation of privileges.", "edition": 6, "reporter": "Tenable", "published": "2015-12-08T00:00:00", "title": "MS15-135: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6173", "CVE-2015-6174", "CVE-2015-6175", "CVE-2015-6171"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS15-135.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87264", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87264);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/30 15:31:33\");\n\n script_cve_id(\n \"CVE-2015-6171\",\n \"CVE-2015-6173\",\n \"CVE-2015-6174\",\n \"CVE-2015-6175\"\n );\n script_bugtraq_id(\n 78506,\n 78510,\n 78513,\n 78514\n );\n script_xref(name:\"MSFT\", value:\"MS15-135\");\n script_xref(name:\"MSKB\", value:\"3109094\");\n script_xref(name:\"MSKB\", value:\"3116869\");\n script_xref(name:\"MSKB\", value:\"3116900\");\n script_xref(name:\"IAVA\", value:\"2015-A-0299\");\n\n script_name(english:\"MS15-135: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)\");\n script_summary(english:\"Checks the version of win32k.sys.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple elevation of privilege\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is affected by multiple elevation of privilege\nvulnerabilities due to improper handling of objects in memory by the\nWindows kernel. An authenticated, remote attacker can exploit these\nvulnerabilities by running a specially crafted application, resulting\nin an elevation of privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS15-135\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows Vista, 2008, 7,\n2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-135';\nkbs = make_list(\n \"3109094\",\n \"3116869\",\n \"3116900\"\n);\nvuln = 0;\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 8.1 / 2012 R2\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"win32k.sys\", version:\"6.3.9600.18123\", min_version:\"6.3.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3109094\") ||\n # 8 / 2012\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"win32k.sys\", version:\"6.2.9200.17568\", min_version:\"6.2.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3109094\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"win32k.sys\", version:\"6.2.9200.21687\", min_version:\"6.2.9200.20000 \", dir:\"\\system32\", bulletin:bulletin, kb:\"3109094\") ||\n # 7 / 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"win32k.sys\", version:\"6.1.7601.19061\", min_version:\"6.1.7600.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3109094\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"win32k.sys\", version:\"6.1.7601.23265\", min_version:\"6.1.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3109094\") ||\n # Vista / 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.19535\", min_version:\"6.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3109094\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"win32k.sys\", version:\"6.0.6002.23845\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"3109094\")\n)\n vuln++;\n\nif (\n # 10 RTM\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"win32kfull.sys\", version:\"10.0.10240.16603\", dir:\"\\system32\", bulletin:bulletin, kb:\"3116869\") ||\n # 10 threshold 2 (aka 1511)\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"win32kfull.sys\", version:\"10.0.10586.20\", min_version:\"10.0.10586.0\", dir:\"\\system32\", bulletin:bulletin, kb:\"3116900\")\n)\n vuln++;\n\nif (vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:39:25", "references": ["https://technet.microsoft.com/library/security/MS15-128", "https://technet.microsoft.com/library/security/MS15-135", "https://support.microsoft.com/en-us/kb/3119075"], "pluginID": "1361412562310806776", "description": "This host is missing an important security\n update according to Microsoft Bulletin MS15-135.", "edition": 9, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-12-09T00:00:00", "title": "Microsoft Windows Kernel-Mode Drivers Code Execution Vulnerability (3119075)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-6173", "CVE-2015-6174", "CVE-2015-6175", "CVE-2015-6171", "CVE-2015-6108", "CVE-2015-6106", "CVE-2015-6107"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310806776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806776", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms15-135.nasl 11876 2018-10-12 12:20:01Z cfischer $\n#\n# Microsoft Windows Kernel-Mode Drivers Code Execution Vulnerability (3119075)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806776\");\n script_version(\"$Revision: 11876 $\");\n script_cve_id(\"CVE-2015-6171\", \"CVE-2015-6173\", \"CVE-2015-6174\", \"CVE-2015-6175\",\n \"CVE-2015-6106\", \"CVE-2015-6107\", \"CVE-2015-6108\");\n script_bugtraq_id(78509, 78510, 78513, 78514, 78497, 78498, 78499);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:20:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 08:11:32 +0530 (Wed, 09 Dec 2015)\");\n script_name(\"Microsoft Windows Kernel-Mode Drivers Code Execution Vulnerability (3119075)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Bulletin MS15-135.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple local privilege-escalation vulnerabilities.\n\n - Multiple remote code execution vulnerabilities when the Windows font library\n improperly handles specially crafted embedded fonts\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code in kernel mode with elevated privileges.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 8 x32/x64\n Microsoft Windows 10 x32/x64\n Microsoft Windows 8.1 x32/x64 Edition\n Microsoft Windows Server 2012/2012R2\n Microsoft Windows 10 Version 1511 x32/x64\n Microsoft Windows Vista x32/x64 Edition Service Pack 2\n Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2\n Microsoft Windows 7 x32/x64 Edition Service Pack 1\n Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1.\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the\n listed hotfixes or download and install the hotfixes from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3119075\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-135\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-128\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2, win8:1,\n win8x64:1, win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"System32\\User32.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif (dllVer =~ \"^(6\\.0\\.6002\\.1)\"){\n Vulnerable_range = \"Less than 6.0.6002.19535\";\n}\nelse if (dllVer =~ \"^(6\\.0\\.6002\\.2)\"){\n Vulnerable_range = \"6.0.6002.23000 - 6.0.6002.23844\";\n}\nelse if (dllVer =~ \"^(6\\.2\\.9200\\.1)\"){\n Vulnerable_range = \"Less than 6.2.9200.17568\";\n}\nelse if (dllVer =~ \"^(6\\.2\\.9200\\.2)\"){\n Vulnerable_range = \"6.2.9200.21000 - 6.2.9200.21686\";\n}\nelse if (dllVer =~ \"^(6\\.3\\.9600\\.1)\"){\n Vulnerable_range = \"Less than 6.3.9600.18123\";\n}\nelse if (dllVer =~ \"^(6\\.1\\.7600\\.1)\"){\n Vulnerable_range = \"Less than 6.1.7601.19061\";\n}\nelse if (dllVer =~ \"^(6\\.1\\.7601\\.1)\"){\n Vulnerable_range = \"Less than 6.1.7601.19061\";\n}\nelse if (dllVer =~ \"^(6\\.1\\.7601\\.2)\"){\n Vulnerable_range = \"6.1.7601.22000 - 6.1.7601.23264\";\n}\n\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.19535\")||\n version_in_range(version:dllVer, test_version:\"6.0.6002.23000\", test_version2:\"6.0.6002.23844\")){\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.1.7601.19061\") ||\n version_in_range(version:dllVer, test_version:\"6.1.7601.22000\", test_version2:\"6.1.7601.23264\")){\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8:1, win2012:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.2.9200.17568\") ||\n version_in_range(version:dllVer, test_version:\"6.2.9200.21000\", test_version2:\"6.2.9200.21686\")){\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.3.9600.18123\")){\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"10.0.10240.16384\"))\n {\n Vulnerable_range = \"Less than 10.0.10240.16384\";\n VULN = TRUE ;\n }\n\n else if(version_in_range(version:dllVer, test_version:\"10.0.10586.0\", test_version2:\"10.0.10586.19\"))\n {\n Vulnerable_range = \"10.0.10586.0 - 10.0.10586.19\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + sysPath + \"\\system32\\User32.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-11-16T08:23:21", "references": [], "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n12/08/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges.\n\n### *Affected products*:\nMicrosoft Windows Vista Service Pack 2 \nMicrosoft Windows Server 2008 Service Pack 2 \nMicrosoft Windows 7 Service Pack 1 \nMicrosoft Windows Server 2008 R2 Service Pack 1 \nMicrosoft Windows 8 \nMicrosoft Windows 8.1 \nMicrosoft Windows Server 2012 \nMicrosoft Windows Server 2012 R2 \nMicrosoft Windows 10 \nMicrosoft Windows 10 version 1511 \nWindows Media Center\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-6127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6127>) \n[CVE-2015-6131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6131>) \n[CVE-2015-6130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6130>) \n[CVE-2015-6133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6133>) \n[CVE-2015-6132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6132>) \n[CVE-2015-6126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6126>) \n[CVE-2015-6125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6125>) \n[CVE-2015-6175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6175>) \n[CVE-2015-6174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6174>) \n[CVE-2015-6128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6128>) \n[CVE-2015-6171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6171>) \n[CVE-2015-6173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-6173>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows Vista](<https://threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/>)\n\n### *CVE-IDS*:\n[CVE-2015-6127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6127>) \n[CVE-2015-6131](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6131>) \n[CVE-2015-6130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6130>) \n[CVE-2015-6133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6133>) \n[CVE-2015-6132](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6132>) \n[CVE-2015-6126](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6126>) \n[CVE-2015-6125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6125>) \n[CVE-2015-6175](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6175>) \n[CVE-2015-6174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6174>) \n[CVE-2015-6128](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6128>) \n[CVE-2015-6171](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6171>) \n[CVE-2015-6173](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6173>) \n\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3108347](<http://support.microsoft.com/kb/3108347>) \n[3109094](<http://support.microsoft.com/kb/3109094>) \n[3109103](<http://support.microsoft.com/kb/3109103>) \n[3116130](<http://support.microsoft.com/kb/3116130>) \n[3108381](<http://support.microsoft.com/kb/3108381>) \n[3108371](<http://support.microsoft.com/kb/3108371>) \n[3116162](<http://support.microsoft.com/kb/3116162>) \n[3100465](<http://support.microsoft.com/kb/3100465>) \n[3116900](<http://support.microsoft.com/kb/3116900>) \n[3116869](<http://support.microsoft.com/kb/3116869>) \n[3119075](<http://support.microsoft.com/kb/3119075>) \n[3108670](<http://support.microsoft.com/kb/3108670>) \n[3108669](<http://support.microsoft.com/kb/3108669>)", "edition": 25, "reporter": "Kaspersky Lab", "published": "2015-12-08T00:00:00", "title": "\r KLA10714Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-6128", "CVE-2015-6125", "CVE-2015-6173", "CVE-2015-6174", "CVE-2015-6133", "CVE-2015-6132", "CVE-2015-6175", "CVE-2015-6171", "CVE-2015-6131", "CVE-2015-6126", "CVE-2015-6127", "CVE-2015-6130"], "modified": "2018-11-15T00:00:00", "id": "KLA10714", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10714", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
