Microsoft Windows OLE Input Validation Flaw Lets Local Users Gain Elevated Privileges in Certain Cases - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: OS (Microsoft) > Windows DLL (Any)

Vendors: Microsoft

Microsoft Windows OLE Input Validation Flaw Lets Local Users Gain Elevated Privileges in Certain Cases

SecurityTracker Alert ID: 1032906

SecurityTracker URL: http://securitytracker.com/id/1032906

CVE Reference: CVE-2015-2416, CVE-2015-2417 (Links to External Site)

Date: Jul 15 2015

Impact: User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs

Description: Two vulnerabilities were reported in Microsoft Windows OLE A local user can obtain elevated privileges on the target system in certain cases.

A local user can exploit an input validation flaw in Microsoft Windows OLE to, in conjunction with a separate remote code execution vulnerability, execute the code at a medium integrity level on the target system.

Nicolas Joly @n_joly reported these vulnerabilities.

Impact: A local user can, in conjunction with a separate remote code execution vulnerability, execute the code at a medium integrity level on the target system.

Solution: The vendor has issued a fix.

Windows Server 2003 Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=6A8643F4-CE86-46BC-BC11-EBE2CE4D01FA

Windows Server 2003 x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=DA025128-FD4A-401B-8C1D-55C555BD4510

Windows Server 2003 with SP2 for Itanium-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=CCB9DFF2-60EF-4D61-A66F-4337BB9B6CD9

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=CBE02674-4CF7-431D-923A-68A0315E20F1

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=3A9FDB2F-651E-462C-B9C5-75AD0DEAF88D

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=43CEBD57-43FF-4D53-A6C2-6E59A705AB58

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=BEB51586-D260-4493-B19A-307DFDD01024

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=758BC378-ACD3-4A99-BCFD-5791A48AB868

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=6D5130D7-6319-4F42-A5D5-08930A049FA6

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=FCCFF510-BD7D-4854-9B83-8E368085E55D

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=558409C3-5A38-4A74-9BAF-903ACFB5F812

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=654B899F-2629-42D4-9DFC-33973D73867D

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=FC12F0D7-817D-4EF8-8CCF-23C7D5F8646C

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=27343448-F541-428E-83A3-44C224A63AB9

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=FCC1B3D6-7573-42EC-94E8-EF50A63D820F

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=E63714AA-C5CF-4F2B-BB17-BAD66983DD87

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=E6D716DD-C8EA-411C-AE31-B86A5D50CE42

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=7E11DCC7-AA17-4B43-8474-076A152551DD

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=43CEBD57-43FF-4D53-A6C2-6E59A705AB58

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=BEB51586-D260-4493-B19A-307DFDD01024

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=558409C3-5A38-4A74-9BAF-903ACFB5F812

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=E6D716DD-C8EA-411C-AE31-B86A5D50CE42

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=7E11DCC7-AA17-4B43-8474-076A152551DD

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-075

Vendor URL: technet.microsoft.com/library/security/ms15-075 (Links to External Site)

Cause: Input validation error

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2019, SecurityGlobal.net LLC