Vulnerability Name: CVE-2015-0008 (CCN-100426) Assigned: 2014-11-18 Published: 2015-02-10 Updated: 2019-10-29 Summary: The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." CVSS v3 Severity: 9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H )Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 8.3 High (CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C )6.5 Medium (Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.9 High (CCN CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C )6.2 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-284 Vulnerability Consequences: Gain Access References: Source: CONFIRM Type: Patch, Vendor Advisoryhttp://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx Source: MITRE Type: CNACVE-2015-0008 Source: MISC Type: UNKNOWNhttp://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html Source: CCN Type: Microsoft Security Bulletin MS15-011Vulnerability in Group Policy Could Allow Remote Code Execution (3000483) Source: CCN Type: US-CERT VU#787252Microsoft Windows domain-configured client Group Policy fails to authenticate servers Source: CERT-VN Type: Third Party Advisory, US Government ResourceVU#787252 Source: BID Type: Third Party Advisory, VDB Entry72477 Source: CCN Type: BID-72477Microsoft Windows Group Policy CVE-2015-0008 Remote Code Execution Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1031719 Source: MS Type: Patch, Vendor AdvisoryMS15-011 Source: XF Type: Third Party Advisory, VDB Entryms-grouppolicy-cve20150008-code-exec(100426) Source: XF Type: UNKNOWNms-grouppolicy-cve20150008-code-exec(100426) Source: CCN Type: Packet Storm Security [10-29-2019]Microsoft Windows Server 2012 Group Policy Remote Code Execution Source: EXPLOIT-DB Type: EXPLOITOffensive Security Exploit Database [10-29-2019] Source: MISC Type: Third Party Advisoryhttps://www.jasadvisors.com/additonal-jasbug-security-exploit-info/ Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:28700 V Group Policy remote code execution vulnerability - CVE-2015-0008 (MS15-011) 2015-03-30
BACK
microsoft windows 7 - sp1
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2003 - sp2
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista - sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 * r2
microsoft windows server 2008 * r2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows 8 - -
microsoft windows 8 *
microsoft windows server 2012
microsoft windows rt -
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *