Oval Definition:oval:org.mitre.oval:def:28664
Revision Date:2015-02-23Version:46
Title:Graphics component information disclosure vulnerability - CVE-2015-0002 (MS15-001)
Description:The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-0002
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis
  • Win 7 / R2 + vulnerable file version
  • Win 7 / R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Check for vulnerable version
  • Check if the version of Ntoskrnl.exe is less than 6.1.7601.18700
  • OR Check for LDR range
  • Check if the version of Ntoskrnl.exe is greater than or equal to 6.1.7601.22000
  • AND Check if the version of Ntoskrnl.exe is less than 6.1.7601.22908
  • OR Win 8/2k12 and vulnerable file version
  • Microsoft Windows 8 (x86) is installed
  • AND Check for vulnerable version
  • Check if the version of Ntoskrnl.exe is less than 6.2.9200.17214
  • OR Check for LDR range
  • Check if the version of Ntoskrnl.exe is less than 6.2.9200.21317
  • AND Check if the version of Ntoskrnl.exe is greater than or equal to 6.2.9200.21000
  • OR Win 8/2k12 and vulnerable file version
  • Win 8 / 2k12
  • Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check for vulnerable version
  • Check if the version of Ntoskrnl.exe is less than 6.2.9200.17213
  • OR Check for LDR range
  • Check if the version of Ntoskrnl.exe is less than 6.2.9200.21317
  • AND Check if the version of Ntoskrnl.exe is greater than or equal to 6.2.9200.21000
  • OR Win 8.1 / 2K12 R2and vulnerable file version
  • Win 8.1 / 2k12 R2
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if the version of Ahcache.sys is less than 6.3.9600.17555
    • BACK