| Vulnerability Name: | CVE-2014-4064 (CCN-95007) | ||||||||
| Assigned: | 2014-08-12 | ||||||||
| Published: | 2014-08-12 | ||||||||
| Updated: | 2019-05-13 | ||||||||
| Summary: | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka "Windows Kernel Pool Allocation Vulnerability." | ||||||||
| CVSS v3 Severity: | 3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-4064 Source: SECUNIA Type: Third Party Advisory 60673 Source: CCN Type: Microsoft Security Bulletin MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615) Source: CCN Type: Microsoft Security Bulletin MS16-062 Security Update for Windows Kernel-Mode Drivers (3158222) Source: CCN Type: Microsoft Security Bulletin MS16-073 Security Update for Windows Kernel-Mode Drivers (3164028) Source: CCN Type: Microsoft Security Bulletin MS16-090 Security Update for Windows Kernel-Mode Drivers (3171481) Source: CCN Type: Microsoft Security Bulletin MS16-098 Security Update for Windows Kernel-Mode Drivers (3178466) Source: CCN Type: Microsoft Security Bulletin MS16-106 Security Update for Microsoft Graphics Component (3185848) Source: CCN Type: Microsoft Security Bulletin MS16-120 Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-123 Security Update for Kernel-Mode Drivers (3192892) Source: CCN Type: Microsoft Security Bulletin MS16-124 Security Update for Windows Registry (3193227) Source: CCN Type: Microsoft Security Bulletin MS16-135 Security Update for Kernel-Mode Drivers (3199135) Source: CCN Type: Microsoft Security Bulletin MS16-139 Security Update for Windows Kernel (3199720) Source: CCN Type: Microsoft Security Bulletin MS16-151 Security Update for Windows Kernel-Mode Drivers (3205651) Source: CCN Type: Microsoft Security Bulletin MS16-155 Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: BID Type: Third Party Advisory, VDB Entry 69144 Source: CCN Type: BID-69144 Microsoft Windows Kernel Pool Allocation CVE-2014-4064 Local Information Disclosure Vulnerability Source: MS Type: Patch, Vendor Advisory MS14-045 Source: XF Type: UNKNOWN ms-kernel-cve20144064-info-disc(95007) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||