Lucene search
K

5 matches found

NVD
NVD
added 2015/04/14 8:59 p.m.25 views

CVE-2015-1644

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted...

7.2CVSS6.2AI score0.01755EPSS
Exploits4References3
CVE
CVE
added 2015/04/14 8:0 p.m.91 views

CVE-2015-1644

CVE-2015-1644 describes an elevation-of-privilege flaw in Windows where impersonation levels are not properly constrained, enabling local users to gain privileges via a crafted application. Affected products include Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Window...

7.2CVSS6.2AI score0.01755EPSS
Exploits4References3Affected Software9
Check Point Advisories
Check Point Advisories
added 2015/04/14 12:0 a.m.4 views

Microsoft Windows MS-DOS Device Name Elevation of Privilege (MS15-038; CVE-2015-1644)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when Microsoft Windows fails to properly validate and enforce impersonation levels. A remote attacker can exploit this issue by logging on to the system and running a specially crafted application...

7.2CVSS5.9AI score0.01755EPSS
Exploits4
Symantec
Symantec
added 2015/04/14 12:0 a.m.77 views

Microsoft Windows CVE-2015-1644 Remote Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain admin privileges on a targeted system. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya CallPilot 5.0.1 Avaya CallPilot 5.1.0...

7.2CVSS6.9AI score0.01755EPSS
Exploits4Affected Software11
ATTACKERKB
ATTACKERKB
added 2015/04/14 12:0 a.m.48 views

DosDevices Impersonation Process Creation Elevation of Privilege

The fix for CVE-2015-1644 doesn’t take into account process creation scenarios. If a process is created by a system service while impersonating another user their per-user drive mappings will still be used which could lead to EoP. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: N...

7.2CVSS4.2AI score0.01755EPSS
Exploits4References5
Rows per page
Query Builder