Lucene search

[email protected]CVE-2015-8579

HistoryDec 16, 2015 - 6:59 p.m.

CVE-2015-8579

2015-12-1618:59:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-8579

kaspersky

total security

vulnerability

bypass

dep

aslr

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.9%

JSON

Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

Affected configurations

NVD

Node

kasperskytotal_security_2015Match15.0.2.361

CPENameOperatorVersion
kaspersky:total_security_2015kaspersky total security 2015eq15.0.2.361

CPE	Name	Operator	Version
kaspersky:total_security_2015	kaspersky total security 2015	eq	15.0.2.361

References

blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations

breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/

www.securityfocus.com/bid/78815

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.9%

JSON

Related for CVE-2015-8579

nvd1 prion1 cvelist1 openvas1