Vulnerability Name: CVE-2015-1720 (CCN-103341) Assigned: 2015-06-09 Published: 2015-06-09 Updated: 2019-05-14 Summary: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability." CVSS v3 Severity: 8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-416 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2015-1720 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057839) Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102) Security Update for Microsoft Windows to Address Remote Code Execution (3105864) Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503) Security Update for Microsoft Windows to Address Remote Code Execution (3116162) Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075) Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584) Security Update for Kernel to Address Elevation of Privilege (3124605) Security update for Microsoft Windows to Address Remote Code Execution (3134228) Security Update for Windows Kernel-Mode Driver to Address Elevation of Privilege (3136082) Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145) Security Update for .NET Framework to Address Security Feature Bypass (3141780) Security Update for Microsoft Graphics Component (3148522) Security Update for Windows OLE (3146706) Security Update for CSRSS (3148528) Security Update for Microsoft Graphics Component (3156754) Security Update for Windows Kernel (3154846) Security Update for Microsoft RPC (3155520) Security Update for Windows Kernel-Mode Drivers (3158222) Security Update for Windows Kernel-Mode Drivers (3164028) Security Update for Microsoft Graphics Component (3164036) Security Update for Windows Kernel-Mode Drivers (3171481) Security Update for Windows Kernel (3171910) Security Update for Microsoft Graphics Component (3177393) Security Update for Windows Kernel-Mode Drivers (3178466) Security Update for Microsoft Graphics Component (3185848) Security Update for Windows Kernel (3186973) Security Update for Microsoft Graphics Component (3192884) Security Update for Microsoft Video Control (3195360) Security Update for Kernel-Mode Drivers (3192892) Security Update for Windows Registry (3193227) Security Update for Microsoft Internet Messaging API (3196067) Security Update for Microsoft Video Control (3199151) Security Update for Microsoft Graphics Component (3199120) Security Update for Kernel-Mode Drivers (3199135) Security Update for Windows Kernel (3199720) Security Update for Microsoft Graphics Component (3204066) Security Update for Windows Kernel-Mode Drivers (3205651) Security Update for .NET Framework (3205640) Cumulative Security Update for Internet Explorer (4013073) Security Update for Microsoft Graphics Component (4013075) 1032525 MS15-061 ms-kmd-cve20151720-priv-esc(103341) Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:29118 V Microsoft Windows Kernel use after free vulnerability – CVE-2015-1720 (MS15-061) 2015-07-27
BACK
microsoft windows 7 - sp1
microsoft windows 8 -
microsoft windows 8.1 -
microsoft windows rt -
microsoft windows rt 8.1 -
microsoft windows server 2003 - sp2
microsoft windows server 2003 r2 sp2
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows vista - sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows server 2003 r2 sp2
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows 8 - -
microsoft windows 8 *
microsoft windows server 2012
microsoft windows rt -
microsoft windows 8.1 - -
microsoft windows 8.1 *
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
Denotes that component is vulnerable