CVE-2015-6097 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows Server 2008

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents3 sources

Severity

9.3CRITICALNVD

EPSS

38.8%

top 2.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedNov 11

Latest updateMay 14

Description

Heap-based buffer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted Journal (.jnt) file, aka "Windows Journal Heap Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-vm2q-m3f7-vqmm: Heap-based buffer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote atta↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - November 2015↗2015-11-10

▶

Talos

Microsoft Patch Tuesday - November 2015↗2015-11-10

▶