Executive Summary

Summary
Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
Information
Name: MS15-051
First vendor Publication: 2015-05-12
Vendor: Microsoft
Last vendor Modification: 2015-05-27
Severity (Vendor): Important
Revision: 2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 7.2
Attack Range: Local
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 3.9
Authentication: None Required

Detail

Severity Rating: Important
Revision Note: V2.0 (May 27, 2015): Bulletin published.
Summary: Bulletin revised to announce the availability of a new update (3065979) that fixes a known issue that some customers experienced after installing the 3045171 security update on all supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171 security update causes customer applications to crash while attempting to create text-outline-based path objects using GDI+. Customers who are experiencing this known issue can correct the problem by installing the 3065979 update. See Microsoft Knowledge Base Article 3065979 for more information and download links.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-051

CWE : Common Weakness Enumeration

% Id Name
83 % CWE-200 Information Exposure
17 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28068
 
Oval ID: oval:org.mitre.oval:def:28068
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1678 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1679, and CVE-2015-1680.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1678
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28555
 
Oval ID: oval:org.mitre.oval:def:28555
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1679 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1679
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28808
 
Oval ID: oval:org.mitre.oval:def:28808
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1680 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1679.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1680
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28876
 
Oval ID: oval:org.mitre.oval:def:28876
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1677 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1677
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28883
 
Oval ID: oval:org.mitre.oval:def:28883
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1701 (MS15-051)
Description: Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1701
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29001
 
Oval ID: oval:org.mitre.oval:def:29001
Title: Microsoft windows kernel memory disclosure vulnerability - CVE-2015-1676 (MS15-051)
Description: The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, and CVE-2015-1680.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1676
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Os 1
Os 25
Os 1
Os 1
Os 1
Os 1
Os 1
Os 3
Os 2
Os 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-05-14 IAVM : 2015-A-0108 - Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-051)
Severity : Category II - VMSKEY : V0060653

Snort® IPS/IDS

Date Description
2015-06-23 Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt
RuleID : 34499 - Revision : 3 - Type : OS-WINDOWS
2015-06-23 Microsoft Windows Win32k.sys kernel-mode driver privilege escalation attempt
RuleID : 34498 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt
RuleID : 34443 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 Microsoft Windows NTUserGetTitleBarInfo information disclosure attempt
RuleID : 34442 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt
RuleID : 34414 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 Microsoft Windows NtUserGetScrollBarInfo information disclosure attempt
RuleID : 34413 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt
RuleID : 34378 - Revision : 3 - Type : OS-WINDOWS
2015-06-17 Microsoft Windows NtUserGetComboBoxInfo information disclosure attempt
RuleID : 34377 - Revision : 3 - Type : OS-WINDOWS

Metasploit Database

id Description
2015-05-12 Windows ClientCopyImage Win32k Exploit

Nessus® Vulnerability Scanner

Date Description
2015-05-12 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms15-051.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2020-05-23 13:17:15
  • Multiple Updates
2015-10-18 17:26:33
  • Multiple Updates
2015-06-23 21:26:39
  • Multiple Updates
2015-06-23 00:24:34
  • Multiple Updates
2015-06-17 21:26:37
  • Multiple Updates
2015-06-06 05:28:10
  • Multiple Updates
2015-06-06 05:15:43
  • Multiple Updates
2015-05-13 17:29:42
  • Multiple Updates
2015-05-13 13:28:08
  • Multiple Updates
2015-05-12 21:30:30
  • Multiple Updates
2015-05-12 21:16:47
  • First insertion