SecurityTracker.com
Category:   OS (Microsoft)  >   Windows DLL (Any)
Vendors:   Microsoft
Microsoft Windows OLE Input Validation Flaw Lets Local Users Gain Elevated Privileges in Certain Cases
SecurityTracker Alert ID:  1032906
SecurityTracker URL:  http://securitytracker.com/id/1032906
CVE Reference:   CVE-2015-2416, CVE-2015-2417
Date:  Jul 15 2015
Impact:   User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs
Description:   Two vulnerabilities were reported in Microsoft Windows OLE. A local user can obtain elevated privileges on the target system in certain cases.

A local user can exploit an input validation flaw in Microsoft Windows OLE, in conjunction with a separate remote code execution vulnerability, to execute code at a medium integrity level on the target system.

Nicolas Joly @n_joly reported these vulnerabilities.

Impact:   A local user can, in conjunction with a separate remote code execution vulnerability, execute code at a medium integrity level on the target system.
Solution:   The vendor has issued a fix.

Windows Server 2003 Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=6A8643F4-CE86-46BC-BC11-EBE2CE4D01FA

Windows Server 2003 x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=DA025128-FD4A-401B-8C1D-55C555BD4510

Windows Server 2003 with SP2 for Itanium-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=CCB9DFF2-60EF-4D61-A66F-4337BB9B6CD9

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=CBE02674-4CF7-431D-923A-68A0315E20F1

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=3A9FDB2F-651E-462C-B9C5-75AD0DEAF88D

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=43CEBD57-43FF-4D53-A6C2-6E59A705AB58

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=BEB51586-D260-4493-B19A-307DFDD01024

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=758BC378-ACD3-4A99-BCFD-5791A48AB868

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=6D5130D7-6319-4F42-A5D5-08930A049FA6

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=FCCFF510-BD7D-4854-9B83-8E368085E55D

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=558409C3-5A38-4A74-9BAF-903ACFB5F812

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=654B899F-2629-42D4-9DFC-33973D73867D

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=FC12F0D7-817D-4EF8-8CCF-23C7D5F8646C

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=27343448-F541-428E-83A3-44C224A63AB9

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=FCC1B3D6-7573-42EC-94E8-EF50A63D820F

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=E63714AA-C5CF-4F2B-BB17-BAD66983DD87

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=E6D716DD-C8EA-411C-AE31-B86A5D50CE42

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=7E11DCC7-AA17-4B43-8474-076A152551DD

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-075

Vendor URL:  technet.microsoft.com/library/security/ms15-075
Cause:   Input validation error


Copyright 2019, SecurityGlobal.net LLC