CVE-2015-2454 — Improper Access Control in Microsoft Windows Server 2008

CWE-264 CWE-284 — Improper Access Control CWE-416 — Use After Free CWE-200 — Sensitive Information Exposure18 documents4 sources

Severity

2.1LOWNVD

EPSS

1.0%

top 23.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedAug 15

Latest updateMay 14

Description

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows KMD Security Feature Bypass Vulnerability."

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-jrc5-254w-5vfw: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

📋Vendor Advisories

Red Hat

chromium-browser: Cross-origin bypass in V8↗2015-09-24

▶

Red Hat

chromium-browser: Cross-origin bypass in DOM↗2015-09-24

▶

Red Hat

chromium-browser: Use-after-free in Blink↗2015-09-01

▶

Red Hat

chromium-browser: Use-after-free in Printing↗2015-09-01

▶

Red Hat

chromium-browser: various fixes from internal audits↗2015-09-01

▶

💬Community

Bugzilla

CVE-2015-1302 chromium-browser: information leak in PDF viewer↗2015-11-11

▶

Bugzilla

CVE-2015-6581 openjpeg: Double free vulnerability in opj_j2k_copy_default_tcp_and_create_tcd↗2015-10-01

▶