SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Microsoft GDI+ Vendors:   Microsoft
Microsoft Windows Graphics Component Bitmap Conversion Flaw Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1032902
SecurityTracker URL:  http://securitytracker.com/id/1032902
CVE Reference:   CVE-2015-2364   (Links to External Site)
Date:  Jul 14 2015
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2003 SP2, 2003 R2 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows Graphics Component. A local user can gain system privileges on the target system.

The Windows graphics component does not properly process bitmap conversions. A local user can run a specially crafted application to exploit this flaw and gain system level privileges on the target system.

Nicolas Joly @n_joly reported this vulnerability.

Impact:   A local user can obtain system privileges on the target system.
Solution:   The vendor has issued a fix.

Windows Server 2003 Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=7763ABA5-F32C-4740-B2F6-CDF59902BD2B

Windows Server 2003 x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=9218BF41-1679-41C9-9F3F-15DCA2D3ED71

Windows Server 2003 with SP2 for Itanium-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=4EDA7F93-B967-48F5-90C6-7B278F8ADE98

Windows Server 2003 R2 Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=7763ABA5-F32C-4740-B2F6-CDF59902BD2B

Windows Server 2003 R2 x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=9218BF41-1679-41C9-9F3F-15DCA2D3ED71

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=E6F3FCF2-5AF9-4F82-B430-624C5592C08A

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=7C3446B5-25FC-4FE1-AA29-1AE62DF724E4

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=67C7487E-3D18-4D26-B384-F13A4C8CB0FA

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=CAD5B923-C645-4456-8B9C-5DBF6A333AEF

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=C0D665A4-46B2-4E09-88E6-0337D02A4841

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=289235B9-D9D9-41B2-893F-62419D5DBCF0

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=C43AB443-4F9F-410D-8A01-F78EBEFA54C1

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=58BCED38-AF1C-4E9A-BF77-7D007AD760AA

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=E376F94F-A491-4D99-963E-BD687B14D6B9

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=C429033E-FCAD-4B5C-B994-CEA3BDB42C65

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=D1FF4417-1E70-494E-8649-C7399C162EA5

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=CE97D532-A7E1-41B1-9410-BD83C55F10C4

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=7244AAAE-7C11-411D-95D3-7E8CF953FEA8

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=D0BBD74B-4960-4C15-8656-BE99574BCA0F

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=2FD186D1-DD7D-48EA-B4AD-5E73ED012753

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=67C7487E-3D18-4D26-B384-F13A4C8CB0FA

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=CAD5B923-C645-4456-8B9C-5DBF6A333AEF

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=58BCED38-AF1C-4E9A-BF77-7D007AD760AA

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=D0BBD74B-4960-4C15-8656-BE99574BCA0F

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=2FD186D1-DD7D-48EA-B4AD-5E73ED012753

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-072

Vendor URL:  technet.microsoft.com/library/security/ms15-072 (Links to External Site)
Cause:   Not specified

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC