The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows 2003

computer vulnerability note CVE-2014-1767

Windows: privilege elevation via AFD

Synthesis of the vulnerability

A local attacker can create an error in Ancillary Function Driver in order to execute code with system privileges.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 08/07/2014.
Revision date: 16/02/2016.
Identifiers: 2975684, CERTFR-2014-AVI-303, CVE-2014-1767, MS14-040, VIGILANCE-VUL-15009, ZDI-14-220.

Description of the vulnerability

The afd.sys (Ancillary Function Driver) driver is used to access Winsock network features. The TDI (Transport Driver Interface) is used to communicate with AFD.

However, TDI does not correctly check User Mode parameters given to the kernel.

A local attacker can therefore create an error in Ancillary Function Driver in order to execute code with system privileges.

computer vulnerability bulletin CVE-2015-2387

Windows: memory corruption via ATM Font Driver

Synthesis of the vulnerability

A local attacker can generate a memory corruption in ATMFD.DLL of Windows, in order to trigger a denial of service, and possibly to run code.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 15/07/2015.
Identifiers: 3077657, CERTFR-2015-AVI-290, CVE-2015-2387, MS15-077, VIGILANCE-VUL-17368, VU#103336.

Description of the vulnerability

The ATMFD.DLL (Adobe Type Manager Font Driver) library is installed on the system to manage character fonts.

However, a local application using a malicious font corrupts the ATMFD.DLL memory.

A local attacker can therefore generate a memory corruption in ATMFD.DLL of Windows, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2015-2370

Windows: privilege escalation via RPC

Synthesis of the vulnerability

A local attacker can bypass the authentication via RPC of Windows, in order to escalate his privileges.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 15/07/2015.
Identifiers: 3067505, CERTFR-2015-AVI-291, CVE-2015-2370, MS15-076, VIGILANCE-VUL-17367.

Description of the vulnerability

The RPC (Remote Procedure Call) feature allows a process to query another process.

However, an attacker can use DCE/RPC connection reflection to bypass the authentication.

A local attacker can therefore bypass the authentication via RPC of Windows, in order to escalate his privileges.

computer vulnerability alert CVE-2015-2416 CVE-2015-2417

Windows: two vulnerabilities of OLE

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OLE of Windows.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/07/2015.
Identifiers: 3072633, CERTFR-2015-AVI-292, CVE-2015-2416, CVE-2015-2417, MS15-075, VIGILANCE-VUL-17366.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features, in order to escalate his privileges by using another vulnerability. [severity:2/4; CVE-2015-2416]

An attacker can bypass security features, in order to escalate his privileges by using another vulnerability. [severity:2/4; CVE-2015-2417]

vulnerability note CVE-2015-2371

Windows: privilege escalation via MSI

Synthesis of the vulnerability

A local attacker can create a Trojan Horse for the Windows Installer, in order to escalate his privileges.
Impacted products: Windows 10, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 15/07/2015.
Identifiers: 3072630, CERTFR-2015-AVI-293, CVE-2015-2371, MS15-074, VIGILANCE-VUL-17364, ZDI-15-339.

Description of the vulnerability

The Windows Installer is called to install software on the system from an MSI file.

After software has been installed, the Windows Installer can execute new scripts it finds on the system. These scripts are run with the privileges of the next user.

A local attacker can therefore create a Trojan Horse for the Windows Installer, in order to escalate his privileges.

vulnerability bulletin CVE-2015-2363 CVE-2015-2365 CVE-2015-2366

Windows: six vulnerabilities of Win32k

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Win32k of Windows.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 6.
Creation date: 15/07/2015.
Identifiers: 3070102, CERTFR-2015-AVI-294, CVE-2015-2363, CVE-2015-2365, CVE-2015-2366, CVE-2015-2367, CVE-2015-2381, CVE-2015-2382, MS15-073, VIGILANCE-VUL-17363, ZDI-15-536.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-2363]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-2365]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-2366]

An attacker can bypass security features, in order to obtain sensitive information about the memory. [severity:1/4; CVE-2015-2367, ZDI-15-536]

An attacker can bypass security features, in order to obtain sensitive information about the memory. [severity:1/4; CVE-2015-2381]

An attacker can bypass security features, in order to obtain sensitive information about the memory. [severity:1/4; CVE-2015-2382]

vulnerability announce CVE-2015-2364

Windows: privilege escalation via Bitmap

Synthesis of the vulnerability

A local attacker can request the conversion of a Bitmap image on Windows, in order to escalate his privileges.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 15/07/2015.
Identifiers: 3069392, CERTFR-2015-AVI-295, CVE-2015-2364, MS15-072, VIGILANCE-VUL-17362.

Description of the vulnerability

The Windows system uses graphic components.

However, during the conversion of a Bitmap image, code can be executed.

A local attacker can therefore request the conversion of a Bitmap image on Windows, in order to escalate his privileges.

vulnerability alert CVE-2015-2374

Windows: privilege escalation via Netlogon

Synthesis of the vulnerability

An attacker can use the Netlogon service of Windows, in order to escalate his privileges.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 15/07/2015.
Identifiers: 3068457, CERTFR-2015-AVI-296, CVE-2015-2374, MS15-071, VIGILANCE-VUL-17361.

Description of the vulnerability

The Netlogon service of Windows authenticates users on the domain, by connecting to a PDC (Primary Domain Controller).

However, an attacker can spoof the identity of a BDC (Backup Domain Controller), to then capture users' passwords.

An attacker can therefore use the Netlogon service of Windows, in order to escalate his privileges.

computer vulnerability note CVE-2015-2368 CVE-2015-2369

Windows: code execution via DLL

Synthesis of the vulnerability

An attacker can invite the victim to open an application from a directory containing a malicious DLL, in order to run code.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/07/2015.
Identifiers: 3072631, CERTFR-2015-AVI-298, CVE-2015-2368, CVE-2015-2369, MS15-069, VIGILANCE-VUL-17359, ZDI-15-325.

Description of the vulnerability

Two vulnerabilities were announced in Windows.

An attacker can invite the victim to open an application from a directory containing a malicious DLL, in order to run code. [severity:3/4; CVE-2015-2368, ZDI-15-325]

An attacker can invite the victim to open an RTF document from a directory containing a malicious DLL, in order to run code. [severity:3/4; CVE-2015-2369]

An attacker can therefore invite the victim to open an application from a directory containing a malicious DLL, in order to run code.

computer vulnerability alert CVE-2015-2372

Microsoft VBScript: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of Microsoft VBScript, in order to trigger a denial of service, and possibly to run code.
Impacted products: Windows 2003, Windows 2008 R0, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 15/07/2015.
Identifiers: 3072604, CERTFR-2015-AVI-301, CVE-2015-2372, MS15-066, VIGILANCE-VUL-17356.

Description of the vulnerability

The VBScript engine is installed on Windows and is called, for example, by Internet Explorer to interpret scripts.

However, a script manipulating a malformed object corrupts the VBScript memory.

An attacker can therefore generate a memory corruption of Microsoft VBScript, in order to trigger a denial of service, and possibly to run code.