CVE-2015-0080
Published 2015-03-11
Priority P427 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS 15.35% (96.4th percentile)
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched
blogs_talos·2015-03-10·CVSS 9.3·[CRITICAL]
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins being released which address 45 CVEs. The first 5 bulletins are rated critical and address vulnerabilities within Internet Explorer, Office, Windows, and VBScript. The remaining 9 bulletins are rated important and cover vulnerabilities within Windows Kernel Mode Drivers, Exchange, Task Scheduler, Remote Desktop, SChannel, and the Microsoft Graphics component.
### Bulletins Rated Critical
MS15-018, MS15-019, MS15-020, MS15-021, and MS15-022 are rated Critical.
MS15-018 addresses multiple vulnerabilities within Internet Explorer, versions 6 through 11. 12 CVEs were resolved this month, including CVE-2015-0
Bugzilla
CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
bugzilla·2015-01-20·CVSS 5.8·[MEDIUM]
Oracle Java SE 6u91, 7u75 and 8u31 fixes an unspecified vulnerability in the Deployment component (CVE-2015-0406). Upstream has CVSSv2 scored this issue as: 5.8/AV:N/AC:M/Au:N/C:P/I:N/A:P
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0080 https://rhn.redhat.com/errata/RHSA-2015-0080.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0079 https://rh
Bugzilla
CVE-2015-0421 Oracle JDK: unspecified vulnerability fixed in 8u31 (Install)
bugzilla·2015-01-20·CVSS 6.9·[MEDIUM]
Oracle Java SE 8u31 fixes an unspecified vulnerability in the Install component (CVE-2015-0421). Upstream has CVSSv2 scored this issue as: 6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0080 https://rhn.redhat.com/errata/RHSA-2015-0080.html
Bugzilla
CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)
bugzilla·2015-01-20·CVSS 1.9·[LOW]
Oracle Java SE 7u75 and 8u31 fixes an unspecified vulnerability in the Serviceability component (CVE-2015-0413). Upstream has CVSSv2 scored this issue as: 1.9/AV:L/AC:M/Au:N/C:N/I:P/A:N
External Reference:
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
Discussion:
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0080 https://rhn.redhat.com/errata/RHSA-2015-0080.html
---
This issue has been addressed in the following products:
Oracle Java for Red Hat Enterprise Linux 7
Oracle Java for Red Hat Enterprise Linux 5
Oracle Java for Red Hat Enterprise Linux 6
Via RHSA-2015:0079 https://rhn.re
http://www.securityfocus.com/bid/72909
http://www.securitytracker.com/id/1031898
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-024