Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10714
HistoryDec 08, 2015 - 12:00 a.m.

KLA10714 Multiple vulnerabilities in Microsoft Windows

2015-12-0800:00:00
Kaspersky Lab
threats.kaspersky.com
254

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%

JSON

Detect date:

12/08/2015

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges.

Affected products:

Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Microsoft Windows 10 version 1511
Windows Media Center

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2015-6127
CVE-2015-6131
CVE-2015-6130
CVE-2015-6133
CVE-2015-6132
CVE-2015-6126
CVE-2015-6125
CVE-2015-6175
CVE-2015-6174
CVE-2015-6128
CVE-2015-6171
CVE-2015-6173

Impacts:

ACE

Related products:

Microsoft Windows Vista

CVE-IDS:

CVE-2015-61274.3Warning
CVE-2015-61319.3Critical
CVE-2015-61309.3Critical
CVE-2015-61337.2High
CVE-2015-61327.2High
CVE-2015-61267.2High
CVE-2015-61259.3Critical
CVE-2015-61757.2High
CVE-2015-61747.2High
CVE-2015-61287.2High
CVE-2015-61717.2High
CVE-2015-61737.2High

Microsoft official advisories:

KB list:

3108347
3109094
3109103
3116130
3108381
3108371
3116162
3100465
3116900
3116869
3119075
3108670
3108669

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 6
mskb 3
prion 12
cvelist 12
cve 12
openvas 6
kaspersky 1
packetstorm 2
zdt 7
checkpoint_advisories 5
symantec 12
exploitpack 2
attackerkb 2
cisa_kev 1
seebug 2
exploitdb 2
threatpost 1
avleonov 1
nessus
nessus
MS15-135: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)
2015-12-08 00:00:00
MS15-132: Security Update for Microsoft Windows to Address Remote Code Execution (3116162)
2015-12-08 00:00:00
MS15-134: Security Update for Windows Media Center to Address Remote Code Execution (3108669)
2015-12-08 00:00:00
mskb
mskb
MS15-135: Security update for Windows kernel-mode drivers to address elevation of privilege: December 8, 2015
2015-12-08 00:00:00
MS15-132: Security update for Windows to address remote code execution: December 8, 2015
2015-12-08 00:00:00
MS15-133: Security update for Windows PGM to address elevation of privilege: December 8, 2015
2015-12-08 00:00:00
prion
prion
Privilege escalation
2015-12-09 11:59:00
Privilege escalation
2015-12-09 11:59:00
Privilege escalation
2015-12-09 11:59:00
cvelist
cvelist
CVE-2015-6171
2015-12-09 11:00:00
CVE-2015-6173
2015-12-09 11:00:00
CVE-2015-6174
2015-12-09 11:00:00
cve
cve
CVE-2015-6174
2015-12-09 11:59:00
CVE-2015-6171
2015-12-09 11:59:00
CVE-2015-6173
2015-12-09 11:59:00
openvas
openvas
Microsoft Windows Remote Code Execution Vulnerability (3116162)
2015-12-09 00:00:00
Microsoft Windows Kernel-Mode Drivers Code Execution Vulnerability (3119075)
2015-12-09 00:00:00
Microsoft Windows Media Center Remote Code Execution Vulnerability (3108669)
2015-12-09 00:00:00
kaspersky
kaspersky
KLA10715Multiple vulnerabilities in Microsoft Windows Media Center
2015-12-08 00:00:00
packetstorm
packetstorm
Office OLE DLL Hijacking
2016-11-10 00:00:00
Microsoft Windows Media Center Incorrectly Resolved Reference
2015-12-09 00:00:00
zdt
zdt
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-04
2017-03-23 00:00:00
win32k Clipboard Bitmap - Use-After-Free
2015-12-17 00:00:00
Microsoft Windows Kernel win32k!OffsetChildren - Null Pointer Dereference
2015-12-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows DNS Use After Free (MS15-127: CVE-2015-6125)
2016-03-16 00:00:00
Microsoft Windows Media Center Information Disclosure (MS15-134: CVE-2015-6127)
2015-12-08 00:00:00
Microsoft Windows Media Center Remote Code Execution (MS15-134: CVE-2015-6131)
2015-12-08 00:00:00
symantec
symantec
Microsoft Windows CVE-2015-6125 DNS Use After Free Remote Code Execution Vulnerability
2015-12-08 00:00:00
Microsoft Windows Kernel CVE-2015-6173 Local Privilege Escalation Vulnerability
2015-12-08 00:00:00
Microsoft Windows CVE-2015-6127 Information Disclosure Vulnerability
2015-12-08 00:00:00
exploitpack
exploitpack
Microsoft Windows Media Center - .Link File Incorrectly Resolved Reference (MS15-134)
2015-12-09 00:00:00
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka self-executing MCL File
2015-12-09 00:00:00
attackerkb
attackerkb
CVE-2015-6175
2015-12-09 00:00:00
MS15-134 Microsoft Office COM Object DLL Planting with els.dll
2015-12-09 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Kernel Privilege Escalation Vulnerability
2022-05-25 00:00:00
seebug
seebug
Windows ζƒι™ζε‡ζΌζ΄ž CVE-2015-6132
2015-12-14 00:00:00
Microsoft Windows θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž (CVE-2015-6133)
2015-12-16 00:00:00
exploitdb
exploitdb
Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference (MS15-134)
2015-12-09 00:00:00
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka 'self-executing' MCL File
2015-12-09 00:00:00
threatpost
threatpost
December 2015 Microsoft Patch Tuesday Security Bulletins
2015-12-08 14:57:53
avleonov
avleonov
CWEs in NVD CVE feed: analysis and complaints
2017-10-21 14:10:30

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.963 High

EPSS

Percentile

99.5%

JSON
Related for KLA10714
nessus6mskb3prion12cvelist12cve12openvas6kaspersky1packetstorm2zdt7checkpoint_advisories5symantec12exploitpack2attackerkb2cisa_kev1seebug2exploitdb2threatpost1avleonov1