CVE-2015-0062 — Microsoft Windows Server 2008 vulnerability

CWE-2647 documents5 sources

Severity

7.2HIGHNVD

EPSS

1.4%

top 19.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedFeb 11

Latest updateMay 14

Description

Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted application that leverages incorrect impersonation handling in a process that uses the SeAssignPrimaryTokenPrivilege privilege, aka "Windows Create Process Elevation of Privilege Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vwvj-5284-m7cc: Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

🕵️Threat Intelligence

Talos

China Chopper still active 9 years later↗2019-08-27

▶

Talos

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed↗2015-02-10

▶

Talos

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed↗2015-02-10

▶

Zscaler

Zscaler detects IE & MS Office Vulnerabilities | 02-10-2015↗

▶

💬Community

Bugzilla

CVE-2015-7851 ntp: saveconfig directory traversal vulnerability↗2015-10-22

▶