CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-117 | Security Update for NDIS to Address Elevation of Privilege (3101722) | Windows Vista | Important | 11-11-2015 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Detailed Information on the risk:
An elevation of privilege vulnerability exists when NDIS fails to check the length of a buffer prior to copying memory into it. An attacker who successfully exploited this vulnerability could gain elevated privileges on a targeted system.
To exploit the vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application designed to elevate privileges. The security update corrects how NDIS validates buffer length.
Windows Vista Service Pack 2 To exploit the vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application designed to elevate privileges. The security update corrects how NDIS validates buffer length.
Further information on this exploit is available at : MS15-117
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Affected Software
Windows Vista Service Pack 2Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1