CVE-2015-0061Sensitive Information Exposure in Microsoft Windows Server 2008

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
22.1%
top 4.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedFeb 11
Latest updateMay 14

Description

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-w27x-f783-4h3x: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 82022-05-14

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed2015-02-10
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed2015-02-10

📄Research Papers

1
arXiv
Detile: Fine-Grained Information Leak Detection in Script Engines2020-07-06