ID CVE-2015-2362
Summary Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
CVSS
Base: 7.2 (as of 08-05-2019 - 22:03)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS15-068
bulletin_url
date 2015-07-14T00:00:00
impact Remote Code Execution
knowledgebase_id 3072000
knowledgebase_url
severity Critical
title Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution
refmap via4
sectrack 1032897
Last major update 08-05-2019 - 22:03
Published 14-07-2015 - 21:59
Last modified 08-05-2019 - 22:03
Back to Top