Vulnerability Name: | CVE-2015-2481 (CCN-96751) | ||||||||
Assigned: | 2015-08-11 | ||||||||
Published: | 2015-08-11 | ||||||||
Updated: | 2018-10-12 | ||||||||
Summary: | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2480. | ||||||||
CVSS v3 Severity: | 7.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: MITRE Type: CNA CVE-2015-2481 Source: CCN Type: Microsoft Security Bulletin MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3086251) Source: CCN Type: Microsoft Security Bulletin MS16-041 Security Update for .NET Framework (3148789) Source: SECTRACK Type: UNKNOWN 1033253 Source: MS Type: UNKNOWN MS15-092 Source: XF Type: UNKNOWN ms-dotnet-cve20152481-priv-esc(96751) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |