The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows Server 2008 R0

computer vulnerability bulletin CVE-2015-1701

Windows: privilege escalation

Synthesis of the vulnerability

A local attacker can use a vulnerability of Windows, in order to escalate his privileges.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 21/04/2015.
Revision date: 23/06/2015.
Identifiers: CVE-2015-1701, VIGILANCE-VUL-16688.

Description of the vulnerability

A local attacker can use a vulnerability of Windows, in order to escalate his privileges.

computer vulnerability CVE-2015-1758

Microsoft Windows: privilege escalation via LoadLibrary

Synthesis of the vulnerability

An attacker can make LoadLibrary from Microsoft Windows run a DLL, in order to escalate his privileges.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 10/06/2015.
Identifiers: 3063858, CERTFR-2015-AVI-250, CVE-2015-1758, MS15-063, VIGILANCE-VUL-17095.

Description of the vulnerability

The LoadLibrary function is used to load shared libraries and plugins.

However, Windows does not correctly validate the user input (likely the arguments of the call). An attacker could then make Windows load and run a DLL with more privileges than the calling process.

An attacker can therefore make LoadLibrary from Microsoft Windows run a DLL, in order to escalate his privileges.

vulnerability note CVE-2015-1757

Microsoft Windows Active Directory: privilege escalation via XSS

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Microsoft Windows Active Directory, in order to execute JavaScript code in the context of the web site.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, client access/rights.
Provenance: document.
Creation date: 10/06/2015.
Identifiers: CERTFR-2015-AVI-249, CVE-2015-1757, VIGILANCE-VUL-17094.

Description of the vulnerability

The Microsoft Windows Active Directory product offers a web interface.

However, data received in an HTTP response is not filtered as it should be, which allows an attacker to make the user's browser act on the Active Directory with the user's privileges.

An attacker can therefore trigger a Cross Site Scripting in Microsoft Windows Active Directory, in order to execute JavaScript code in the context of the web site.

vulnerability bulletin CVE-2015-1719 CVE-2015-1720 CVE-2015-1721

Microsoft Windows: 11 vulnerabilities of the kernel

Synthesis of the vulnerability

An attacker can use several vulnerabilities of the Microsoft Windows kernel.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 11.
Creation date: 10/06/2015.
Identifiers: 3057839, CERTFR-2015-AVI-248, CVE-2015-1719, CVE-2015-1720, CVE-2015-1721, CVE-2015-1722, CVE-2015-1723, CVE-2015-1724, CVE-2015-1725, CVE-2015-1726, CVE-2015-1727, CVE-2015-1768, CVE-2015-2360, MS15-061, VIGILANCE-VUL-17093.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Windows.

An attacker can read a memory fragment of the kernel, in order to obtain sensitive information. [severity:3/4; CVE-2015-1719]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1720]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2015-1721]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1722]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1723]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1724]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1725]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1726]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1727]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2015-1768]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2015-2360]

vulnerability announce CVE-2015-1756

Microsoft Windows: use after free

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area of Microsoft Windows, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows Vista.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/06/2015.
Identifiers: 3059317, CERTFR-2015-AVI-247, CVE-2015-1756, MS15-060, VIGILANCE-VUL-17092.

Description of the vulnerability

The Microsoft Windows product manages the processing which is common to all types of URL.

However, following some kinds of links triggers the use of freed memory whose content is partially controlled by the link provider.

An attacker can therefore force the usage of a freed memory area of Microsoft Windows, in order to trigger a denial of service, and possibly to execute code.

vulnerability CVE-2015-1728

Windows Media Player: code execution via DataObject

Synthesis of the vulnerability

An attacker can create a specially crafted file to be viewed with Windows Media Player, in order to execute code.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 10/06/2015.
Identifiers: 3033890, CERTFR-2015-AVI-245, CVE-2015-1728, MS15-057, VIGILANCE-VUL-17090.

Description of the vulnerability

The Windows Media Player is used to show multimedia files.

However, data represented with the DataObject data type is not handled as it should be.

An attacker can therefore create a specially crafted file to be viewed with Windows Media Player, in order to execute code.

vulnerability announce CVE-2015-1676 CVE-2015-1677 CVE-2015-1678

Windows: six vulnerabilities of Kernel-Mode Drivers

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Kernel-Mode Drivers of Windows.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 6.
Creation date: 12/05/2015.
Revision date: 08/06/2015.
Identifiers: 3057191, CERTFR-2015-AVI-216, CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, CVE-2015-1680, CVE-2015-1701, MS15-051, VIGILANCE-VUL-16892, ZDI-15-185, ZDI-15-186, ZDI-15-187, ZDI-15-188, ZDI-15-190.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-1676, ZDI-15-190]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-1677, ZDI-15-185]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-1678, ZDI-15-186]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-1679, ZDI-15-187]

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; CVE-2015-1680, ZDI-15-188]

An attacker can bypass security features of Win32k.sys, in order to escalate his privileges. [severity:2/4; CVE-2015-1701]

computer vulnerability alert CVE-2015-1716

Windows: information disclosure via Schannel

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the Windows Schannel client to accept a weak algorithm, in order to more easily capture or alter exchanged data.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 12/05/2015.
Identifiers: 3061518, CERTFR-2015-AVI-220, CVE-2015-1716, MS15-055, VIGILANCE-VUL-16896.

Description of the vulnerability

The SChannel (Secure Channel) SSP implements the SSL and TLS protocols, which are used to authenticate the client/server and to create a secured tunnel.

The TLS protocol uses a series of messages which have to be exchanged between the client and the server before a secured session is established. Several cryptographic algorithms can be negotiated. However, Schannel accepts Diffie-Hellman Ephemeral (DHE) keys of only 512 bits.

An attacker, located as a Man-in-the-Middle, can therefore force the Windows Schannel client to accept a weak algorithm, in order to more easily capture or alter exchanged data.

computer vulnerability CVE-2015-1681

Windows: denial of service via Microsoft Management Console MSC

Synthesis of the vulnerability

An attacker can invite the victim to load a file for the Microsoft Management Console of Windows, in order to trigger a denial of service.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/05/2015.
Identifiers: 3051768, CERTFR-2015-AVI-219, CVE-2015-1681, MS15-054, VIGILANCE-VUL-16895, ZDI-15-191.

Description of the vulnerability

The Windows product can load modules in the Management Console, using MSC files.

However, when this file is loaded, directly or through a network share, a fatal error occurs.

An attacker can therefore invite the victim to load a file for the Microsoft Management Console of Windows, in order to trigger a denial of service.

vulnerability note CVE-2015-1684 CVE-2015-1686

Windows: two vulnerabilities of JScript/VBScript

Synthesis of the vulnerability

An attacker can use several vulnerabilities of JScript/VBScript of Windows.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/05/2015.
Identifiers: 3057263, CERTFR-2015-AVI-218, CVE-2015-1684, CVE-2015-1686, MS15-053, VIGILANCE-VUL-16894, ZDI-15-183.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can use VBScript, in order to bypass ASLR. [severity:2/4; CVE-2015-1684, ZDI-15-183]

An attacker can use VBScript/JScript, in order to bypass ASLR. [severity:2/4; CVE-2015-1686]