CVE-2015-0001 — Use After Free in Microsoft Windows Server 2012
Severity
1.9LOWNVD
EPSS
0.6%
top 29.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 13
Latest updateMay 14
Description
The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability."
CVSS vector
AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9
Affected Packages1 packages
🔴Vulnerability Details
1GHSA▶
GHSA-c73w-5569-h45x: The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8↗2022-05-14
💥Exploits & PoCs
1📋Vendor Advisories
23VMware▶
VMware ESXi, Fusion, Player, and Workstation updates address important guest privilege escalation vulnerability↗2016-01-07
VMware▶
VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues↗2015-01-27
Red Hat▶
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26
Red Hat▶
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26
🕵️Threat Intelligence
2💬Community
22Bugzilla
▶
Bugzilla▶
CVE-2014-1308 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27
Bugzilla▶
CVE-2014-1326 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27
Bugzilla▶
CVE-2014-1333 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27