Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
TitleVulnerabilities in Windows Journal Could Allow Remote Code Execution (3089669)
Informations
NameMS15-098First vendor Publication2015-09-08
VendorMicrosoftLast vendor Modification2015-09-23
Severity (Vendor) CriticalRevision1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V1.1 (September 23, 2015): Bulletin revised to correct the severity and impact for CVE-2015-2514. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-098

CWE : Common Weakness Enumeration

%idName
80 %CWE-20Improper Input Validation
20 %CWE-189Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2
Os2
Os2
Os2
Os2
Os1
Os2
Os4
Os1

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-09-10IAVM : 2015-A-0216 - Multiple Vulnerabilities in Microsoft Windows Journal (MS15-098)
Severity : Category II - VMSKEY : V0061393

Snort® IPS/IDS

DateDescription
2016-09-08Microsoft Windows operating system win32kfull heap corruption attempt
RuleID : 39819 - Revision : 2 - Type : OS-WINDOWS
2016-09-08Microsoft Windows operating system win32kfull heap corruption attempt
RuleID : 39818 - Revision : 2 - Type : OS-WINDOWS
2015-10-06Microsoft Journal file parsing remote code execution attempt
RuleID : 35962 - Revision : 2 - Type : FILE-OTHER
2015-10-06Microsoft Journal file parsing remote code execution attempt
RuleID : 35961 - Revision : 2 - Type : FILE-OTHER

Nessus® Vulnerability Scanner

DateDescription
2015-09-09Name : The remote host is affected by multiple vulnerabilities.
File : smb_nt_ms15-098.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
DateInformations
2016-04-27 05:00:31
  • Multiple Updates
2015-10-18 17:26:43
  • Multiple Updates
2015-10-06 21:22:56
  • Multiple Updates
2015-09-24 00:26:30
  • Multiple Updates
2015-09-24 00:15:45
  • Multiple Updates
2015-09-10 13:26:41
  • Multiple Updates
2015-09-09 21:30:59
  • Multiple Updates
2015-09-09 09:28:50
  • Multiple Updates
2015-09-08 21:31:37
  • Multiple Updates
2015-09-08 21:17:25
  • First insertion