Vulnerability Name: CVE-2015-0062 (CCN-100437) Assigned: 2014-11-18 Published: 2015-02-10 Updated: 2019-05-14 Summary: Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability." CVSS v3 Severity: 8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C 5.6 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
8.5 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C 6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-264 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2015-0062 62840 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432) 72458 Microsoft Windows CVE-2015-0062 Local Privilege Escalation Vulnerability 1031724 MS15-015 ms-windows-cve20150062-priv-esc(100437) ms-windows-cve20150062-priv-esc(100437) win-ms15kb3031432-update(100438) Microsoft Windows CreateProcessAsUser Impersonation Token Bypass Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:28764 V Windows create process elevation of privilege vulnerability - CVE-2015-0062 (MS15-015) 2015-03-30
BACK
microsoft windows 7 - sp1
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows 8 - -
microsoft windows 8 *
microsoft windows server 2012
microsoft windows rt -
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
Denotes that component is vulnerable