Vulnerability Name: CVE-2015-0076 (CCN-101140) Assigned: 2014-11-18 Published: 2015-03-10 Updated: 2019-05-14 Summary: The photo-decoder implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly initialize memory for rendering of JXR images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "JPEG XR Parser Information Disclosure Vulnerability." CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N )3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N )3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRE Type: CNACVE-2015-0076 Source: CCN Type: Microsoft Security Bulletin MS15-029Vulnerability in Windows Photo Decoder Component Could Allow Information Disclosure (3035126) Source: BID Type: Third Party Advisory, VDB Entry72918 Source: CCN Type: BID-72918Microsoft Windows Graphics Component CVE-2015-0076 Information Disclosure Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1031894 Source: MS Type: Patch, Vendor AdvisoryMS15-029 Source: XF Type: UNKNOWNms-graphics-cve20150076-info-disc(101140) Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_vista:-:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:pro_n:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:28675 V JPEG XR parser information disclosure vulnerability - CVE-2015-0076 (MS15-029) 2015-04-27
BACK
microsoft windows 7 - sp1
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista - sp2
microsoft windows vista - sp2
microsoft windows vista - sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 - sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows 8 - -
microsoft windows 8 - -
microsoft windows server 2012
microsoft windows rt -
microsoft windows 8.1 - -
microsoft windows 8.1 - -
microsoft windows server 2012 r2
microsoft windows rt 8.1 *