CVE-2015-0061
Published 2015-02-11
Priority: P4 · 33 · medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
EPSS: 18.87% (96.9th percentile)
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for TIFF images, which allows remote attackers to obtain sensitive information from process memory via a crafted image file, aka "TIFF Processing Information Disclosure Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
blogs_talos·2015-02-10·CVSS 6.8
[MEDIUM] Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.
### Bulletins Rated Critical
MS15-009, MS15-010, and MS15-011 are rated Critical.
MS15-009 is targeted at addressing multiple vulnerabilities within Internet Explorer, versions 6 through 11. In total, 41 different CVEs were addressed with the vast majority of those CVEs fixing use-after-free vulnerabilities that could result in remote code execution. A couple ASLR bypasses, pr
arXiv
Detile: Fine-Grained Information Leak Detection in Script Engines
arxiv_fulltext·2020-07-06
Robert Gawlik, Philipp Koppe, Benjamin Kollenda,
Andre Pawlowski, Behrad Garmany, Thorsten Holz
## Abstract
Memory disclosure attacks play an important role in the
exploitation of memory corruption vulnerabilities. By analyzing recent
research, we observe that bypasses of defensive solutions that enforce control-flow
integrity or attempt to detect return-oriented programming require memory
disclosure attacks as a fundamental first step.
However, research lags behind in detecting such information leaks.
In this paper, we tackle this problem and present a system for fine-grained,
automated detection of memory disclosure attacks against scripting engines.
The basic insight is as follows: scripting languages, such as
JavaScript in web browsers, are strictly sandboxed. They must not provide a
http://www.securityfocus.com/bid/72456
http://www.securitytracker.com/id/1031725
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-016
https://exchange.xforce.ibmcloud.com/vulnerabilities/100435
https://exchange.xforce.ibmcloud.com/vulnerabilities/100436
Published: 2015-02-11