Microsoft Windows OLE Input Validation Flaw Lets Local Users Gain Elevated Privileges in Certain Cases
|
SecurityTracker Alert ID: 1032906 |
SecurityTracker URL: http://securitytracker.com/id/1032906
|
CVE Reference:
CVE-2015-2416, CVE-2015-2417
(Links to External Site)
|
Date: Jul 15 2015
|
Impact:
User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
|
Description:
Two vulnerabilities were reported in Microsoft Windows OLE A local user can obtain elevated privileges on the target system in certain cases.
A local user can exploit an input validation flaw in Microsoft Windows OLE to, in conjunction with a separate remote code execution vulnerability, execute the code at a medium integrity level on the target system.
Nicolas Joly @n_joly reported these vulnerabilities.
|
Impact:
A local user can, in conjunction with a separate remote code execution vulnerability, execute the code at a medium integrity level on the target system.
|
Solution:
The vendor has issued a fix.
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6A8643F4-CE86-46BC-BC11-EBE2CE4D01FA
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=DA025128-FD4A-401B-8C1D-55C555BD4510
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=CCB9DFF2-60EF-4D61-A66F-4337BB9B6CD9
Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=CBE02674-4CF7-431D-923A-68A0315E20F1
Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=3A9FDB2F-651E-462C-B9C5-75AD0DEAF88D
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=43CEBD57-43FF-4D53-A6C2-6E59A705AB58
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=BEB51586-D260-4493-B19A-307DFDD01024
Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=758BC378-ACD3-4A99-BCFD-5791A48AB868
Windows 7 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6D5130D7-6319-4F42-A5D5-08930A049FA6
Windows 7 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=FCCFF510-BD7D-4854-9B83-8E368085E55D
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=558409C3-5A38-4A74-9BAF-903ACFB5F812
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=654B899F-2629-42D4-9DFC-33973D73867D
Windows 8 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=FC12F0D7-817D-4EF8-8CCF-23C7D5F8646C
Windows 8 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=27343448-F541-428E-83A3-44C224A63AB9
Windows 8.1 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=FCC1B3D6-7573-42EC-94E8-EF50A63D820F
Windows 8.1 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=E63714AA-C5CF-4F2B-BB17-BAD66983DD87
Windows Server 2012:
https://www.microsoft.com/downloads/details.aspx?familyid=E6D716DD-C8EA-411C-AE31-B86A5D50CE42
Windows Server 2012 R2:
https://www.microsoft.com/downloads/details.aspx?familyid=7E11DCC7-AA17-4B43-8474-076A152551DD
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=43CEBD57-43FF-4D53-A6C2-6E59A705AB58
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=BEB51586-D260-4493-B19A-307DFDD01024
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=558409C3-5A38-4A74-9BAF-903ACFB5F812
Windows Server 2012:
https://www.microsoft.com/downloads/details.aspx?familyid=E6D716DD-C8EA-411C-AE31-B86A5D50CE42
Windows Server 2012 R2:
https://www.microsoft.com/downloads/details.aspx?familyid=7E11DCC7-AA17-4B43-8474-076A152551DD
The Microsoft advisory is available at:
https://technet.microsoft.com/library/security/ms15-075
|
Vendor URL: technet.microsoft.com/library/security/ms15-075 (Links to External Site)
|
Cause:
Input validation error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|