CVE-2015-1695
published 2015-05-13CVE-2015-1695: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold…
PriorityP259critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
14.22%
96.1th percentile
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gx8p-7jw3-phcx: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-1697 [CRITICAL] CWE-94 GHSA-gx8p-7jw3-phcx: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.
GHSA
GHSA-8x8w-grr6-3rqp: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-1698 [CRITICAL] CWE-94 GHSA-8x8w-grr6-3rqp: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.
GHSA
GHSA-fxhv-24w8-xq5w: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-1695 [CRITICAL] CWE-94 GHSA-fxhv-24w8-xq5w: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
GHSA
GHSA-h9rv-g9xh-2pq2: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-1696 [CRITICAL] CWE-94 GHSA-h9rv-g9xh-2pq2: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
GHSA
GHSA-q289-2885-29g4: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-1675 [CRITICAL] CWE-94 GHSA-q289-2885-29g4: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.
GHSA
GHSA-x9q5-6p8q-rxm7: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-1699 [CRITICAL] CWE-94 GHSA-x9q5-6p8q-rxm7: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - May 2015
blogs_talos·2015-05-12·CVSS 4.3
[MEDIUM] Microsoft Patch Tuesday - May 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 13 bulletins being released which address 48 CVEs. Three of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer, GDI+ Font Parsing, and Windows Journal. The remaining ten bulletins are marked as Important and address vulnerabilities in Microsoft Office, Sharepoint, .NET, Silverlight, Service Control Manager, Windows Kernel, VBScript/JScript, Microsoft Management Console, and Secure Channel.
## Bulletins Rated CriticalMS15-043, MS15-044, and MS15-045 are rated Critical.
MS15-043 is this month’s Internet Explorer security bulletin with vulnerabilities in versions 6 through 11 being ad
Talos
Microsoft Patch Tuesday - May 2015
blogs_talos·2015-05-12·CVSS 4.3
[MEDIUM] Microsoft Patch Tuesday - May 2015
## Microsoft Patch Tuesday - May 2015
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 13 bulletins being released which address 48 CVEs. Three of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer, GDI+ Font Parsing, and Windows Journal. The remaining ten bulletins are marked as Important and address vulnerabilities in Microsoft Office, Sharepoint, .NET, Silverlight, Service Control Manager, Windows Kernel, VBScript/JScript, Microsoft Management Console, and Secure Channel.
## Bulletins Rated Critical MS15-043, MS15-044, and MS15-045 are rated Critical.
MS15-043 is this month’s Internet Explorer security bulletin with vulnerabi
2015-05-13
Published