| Vulnerability Name: | CVE-2015-6125 (CCN-108222) | ||||||||
| Assigned: | 2015-12-08 | ||||||||
| Published: | 2015-12-08 | ||||||||
| Updated: | 2019-05-08 | ||||||||
| Summary: | Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Use After Free Vulnerability." <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> | ||||||||
| CVSS v3 Severity: | 9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-6125 Source: CCN Type: Microsoft Security Bulletin MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465) Source: CCN Type: Microsoft Security Bulletin MS16-071 Security Update for Microsoft Windows DNS Server (3164065) Source: SECTRACK Type: UNKNOWN 1034323 Source: MS Type: UNKNOWN MS15-127 Source: XF Type: UNKNOWN ms-dns-cve20156125-code-exec(108222) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||