Kaspersky LabKLA10549KLA10549 Code execution vulnerability in Microsoft GC
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.762 High
EPSS
Percentile
98.1%
Detect date:
04/14/2015
Severity:
Critical
Description:
An unspecified vulnerability was found in Microsoft products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed EMF image.
Affected products:
Windows Server 2003 x86, x64, Itanium Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, Itanium Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows Servier 2008 R2 x64, Itanium Service Pack 1
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2015-16459.3Critical
Microsoft official advisories:
KB list:
References
support.microsoft.com/kb/3046306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1645
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1645
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms15-035
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2003/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.762 High
EPSS
Percentile
98.1%