CVE-2015-0080 — Sensitive Information Exposure in Microsoft Windows Server 2008

CWE-200 — Sensitive Information Exposure8 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

8.1%

top 7.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedMar 11

Latest updateMay 14

Description

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize memory for rendering of malformed PNG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Malformed PNG Parsing Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-f79j-3xvw-j3f6: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

💬Community

Bugzilla

CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)↗2015-01-20

▶

Bugzilla

CVE-2015-0421 Oracle JDK: unspecified vulnerability fixed in 8u31 (Install)↗2015-01-20

▶

Bugzilla

CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability)↗2015-01-20

▶