SecurityTracker.com
Category:   OS (Microsoft)  >   Windows DLL (Any)
Vendors:   Microsoft
Windows Journal File Processing Flaws Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1033484
SecurityTracker URL:  http://securitytracker.com/id/1033484
CVE Reference:   CVE-2015-2513, CVE-2015-2514, CVE-2015-2516, CVE-2015-2519, CVE-2015-2530
Date:  Sep 8 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1, 10; and prior service packs
Description:   Multiple vulnerabilities were reported in Windows Journal. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions on the target system.

A remote user can create a specially crafted Journal file that, when loaded by the target user via Windows Journal, will trigger an integer overflow or memory corruption error and execute arbitrary code on the target system [CVE-2015-2513, CVE-2015-2514, CVE-2015-2519, CVE-2015-2530].

A remote user can create a specially crafted Journal file that, when loaded by the target user via Windows Journal, will cause data loss on the target system [CVE-2015-2516].

Phil Blankenship of BeyondTrust Inc. and Kai Lu of Fortinet's FortiGuard Labs each reported one vulnerability.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause data loss on the target system.

Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=2c580b44-497c-455f-8a4b-fe7b7c234842

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=8d8280bb-9323-4241-9b9c-862198620c9a

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=f238596a-89ca-428c-927f-e2f09a5fbff0

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=5b599b24-e0c6-4bc0-a44b-eff5e5a99d30

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=fb43aeff-9823-41d4-916d-ec64fd4777f1

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=6c1c2e8f-e846-4cfb-b9f5-2a651caf8f78

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=fe2fd139-9dc8-48cf-a5b0-292cf0a14ed8

Windows 8 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=a7b9601c-9446-49fc-8477-a1f142a0cbf8

Windows 8 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=e96a700b-fd9f-412e-ad25-bed73d702c00

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=73f67e5a-9696-4384-9620-e185a7950cb6

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=f2f8880f-a59f-4a32-865a-025d1a179f96

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=670870e5-6e03-4745-94db-d31fb376de62

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=33ad68fc-24d7-40ef-ab83-a85431bae787

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-098

Vendor URL:  technet.microsoft.com/library/security/ms15-098
Cause:   Access control error, Boundary error

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC