8.3

CVE-2015-0008

The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8 Version-
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Vista Version- Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 28.58% 0.979
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.3 6.5 10
AV:A/AC:L/Au:N/C:C/I:C/A:C
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
Patch
Vendor Advisory
http://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html
http://www.kb.cert.org/vuls/id/787252
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/72477
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1031719
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-011
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100426
Third Party Advisory
VDB Entry
https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/
Third Party Advisory