CVE-2015-0094 — Sensitive Information Exposure in Microsoft Windows Server 2008

CWE-200 — Sensitive Information Exposure6 documents4 sources

Severity

2.1LOWNVD

EPSS

2.5%

top 14.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedMar 11

Latest updateMay 14

Description

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the availability of address information during a function call, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability."

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j9r4-r32f-wq3f: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

Talos

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched↗2015-03-10

▶

💬Community

Bugzilla

CVE-2015-0310 flash-plugin: Vulnerability that could be used to circumvent memory randomization mitigations (APSB15-02)↗2015-01-23

▶

Bugzilla

CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)↗2015-01-23

▶