Executive Summary

Summary
Title: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
Information
Name: MS15-020
First vendor Publication: 2015-03-10
Vendor: Microsoft
Last vendor Modification: 2015-03-10
Severity (Vendor): Critical
Revision: 1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3 - Attack Range : Network
Cvss Impact Score : 10 - Attack Complexity : Medium
Cvss Exploit Score : 8.6 - Authentication : None Required

Detail

Severity Rating: Critical
Revision Note: V1.1 (March 10, 2015): Bulletin revised to better explain the attack vector for the DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096).
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or open a file in a working directory that contains a specially crafted DLL file.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-020

CWE : Common Weakness Enumeration

% - id - Name
50 % - CWE-426 - Untrusted Search Path
50 % - CWE-19 - Data Handling

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28624
 
Oval ID: oval:org.mitre.oval:def:28624
Title: DEPRECATED: DLL planting remote code execution vulnerability - CVE-2015-0096 (MS15-020)
Description: Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-0096
Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:28609
 
Oval ID: oval:org.mitre.oval:def:28609
Title: DLL planting remote code execution vulnerability - CVE-2015-0096 (MS15-020)
Description: Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-0096
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:28694
 
Oval ID: oval:org.mitre.oval:def:28694
Title: DEPRECATED: WTS remote code execution vulnerability - CVE-2015-0081 (MS15-020)
Description: Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-0081
Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:27987
 
Oval ID: oval:org.mitre.oval:def:27987
Title: WTS remote code execution vulnerability - CVE-2015-0081 (MS15-020)
Description: Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-0081
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

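Type : Os - Count : 1
Type : Os - Count : 1
Type : Os - Count : 1
Type : Os - Count : 1
Type : Os - Count : 1
Type : Os - Count : 1
Type : Os - Count : 3
Type : Os - Count : 2
Type : Os - Count : 1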

Information Assurance Vulnerability Management (IAVM)

Date - Description
2015-03-12 IAVM : 2015-A-0053 - Multiple Vulnerabilities in Microsoft Windows (MS15-020)
Severity : Category II - VMSKEY : V0059001

Snort® IPS/IDS

Date - Description
2015-04-14 Microsoft Internet Explorer out of bounds array access attempt
RuleID : 33776 - Revision : 4 - Type : BROWSER-IE
2015-04-14 Microsoft Internet Explorer out of bounds array access attempt
RuleID : 33775 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft LNK shortcut arbitrary dll load attempt
RuleID : 24500 - Revision : 6 - Type : FILE-OTHER
2014-01-10 Microsoft LNK shortcut arbitrary dll load attempt
RuleID : 17042 - Revision : 17 - Type : FILE-OTHER

Metasploit Database

id - Description
2015-03-10 Microsoft Windows Shell LNK Code Execution
2015-03-10 Microsoft Windows Shell LNK Code Execution
2017-06-13 LNK Code Execution Vulnerability
2017-06-13 LNK Code Execution Vulnerability

Nessus® Vulnerability Scanner

Date - Description
2015-03-10 Name : The remote Windows host is affected by multiple remote code execution vulnera...
File : smb_nt_ms15-020.nasl - Type : ACT_GATHER_INFO

Alert History

Date - Information
2017-01-03 09:24:49
  • Multiple Updates
2015-10-18 17:26:29
  • Multiple Updates
2015-04-14 21:26:07
  • Multiple Updates
2015-03-19 21:26:43
  • Multiple Updates
2015-03-12 17:22:33
  • Multiple Updates
2015-03-11 21:26:28
  • Multiple Updates
2015-03-11 17:26:18
  • Multiple Updates
2015-03-11 13:25:05
  • Multiple Updates
2015-03-11 00:27:11
  • Multiple Updates
2015-03-11 00:16:05
  • Multiple Updates
2015-03-10 21:27:52
  • Multiple Updates
2015-03-10 21:24:08
  • Multiple Updates
2015-03-10 21:16:51
  • First insertion