Vulnerability Name: CVE-2015-0003 (CCN-100430) Assigned: 2014-11-18 Published: 2015-02-10 Updated: 2019-05-14 Summary: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." CVSS v3 Severity: 8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C 5.4 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C 5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-476 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2015-0003 Vulnerabilities in Windows Kernel Mode Driver Could Allow Remote Code (3025421) 72457 Microsoft Windows Kernel 'Win32k.sys' CVE-2015-0003 Local Privilege Escalation Vulnerability MS15-010 ms-kmd-cve20150003-priv-esc(100430) ms-kmd-cve20150003-priv-esc(100430) Offensive Security Exploit Database [05-25-2015] Microsoft Windows WM_SYSTIMER Kernel Elevation of Privilege Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:28762 V Microsoft schannel remote code execution vulnerability - CVE-2015-0003 (MS15-010) 2015-06-15
BACK
microsoft windows 7 - sp1
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2003 - sp2
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista - sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows 8 - -
microsoft windows 8 *
microsoft windows server 2012
microsoft windows rt -
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
Denotes that component is vulnerable