CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-088 | Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458) | Windows Vista | Important | 12-08-2015 |
Technical Information
Brief overview of the risk:
This security update helps to resolve an information disclosure vulnerability in Microsoft Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability an attacker would first have to use another vulnerability in Internet Explorer to execute code in the sandboxed process. The attacker could then execute Notepad, Visio, PowerPoint, Excel, or Word with an unsafe command line parameter to effect information disclosure.
Detailed Information on the risk:
An information disclosure vulnerability exists in Microsoft Windows, Internet Explorer, and Microsoft Office when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM).
To exploit this vulnerability, an attacker would first need to leverage another vulnerability and execute code in Internet Explorer with EPM, and then execute Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter. The update addresses the vulnerability by improving how Notepad and Microsoft Office programs are executed from Internet Explorer.
Windows Vista Service Pack 2 To exploit this vulnerability, an attacker would first need to leverage another vulnerability and execute code in Internet Explorer with EPM, and then execute Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter. The update addresses the vulnerability by improving how Notepad and Microsoft Office programs are executed from Internet Explorer.
Further information on this exploit is available at : MS15-088
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Affected Software
Windows Vista Service Pack 2Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)