Lucene search

[email protected]NVD:CVE-2015-2423

HistoryAug 15, 2015 - 12:59 a.m.

CVE-2015-2423

2015-08-1500:59:03

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.1%

JSON

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka “Unsafe Command Line Parameter Passing Vulnerability.”

Affected configurations

NVD

Node

microsoftexcelMatch2007sp3

microsoftexcelMatch2010sp2

microsoftexcelMatch2013sp1

microsoftexcelMatch2013sp1rt

microsoftofficeMatch2010sp2

microsoftpowerpointMatch2007sp3

microsoftpowerpointMatch2010sp2

microsoftpowerpointMatch2013sp1

microsoftpowerpointMatch2013sp1rt

microsoftvisioMatch2007sp3

microsoftvisioMatch2010sp2

microsoftvisioMatch2013sp1

microsoftvisioMatch2013sp1rt

microsoftvisioMatch2016

microsoftwordMatch2007sp3

microsoftwordMatch2010sp2

microsoftwordMatch2013sp1

microsoftwordMatch2013sp1rt

microsoftwordMatch2016

Node

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch8

microsoftinternet_explorerMatch9

microsoftinternet_explorerMatch10

microsoftinternet_explorerMatch11-

Node

microsoftwindows_10Match-

microsoftwindows_7Match-sp1

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_rtMatch-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1itanium

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_vistaMatch-sp2

References

www.securitytracker.com/id/1033237

www.securitytracker.com/id/1033239

www.securitytracker.com/id/1033248

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-081

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-088

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for NVD:CVE-2015-2423

openvas7 symantec1 cve1 nessus3 checkpoint_advisories1 prion1 cvelist1 mskb3 threatpost1 kaspersky3 securityvulns1