CVE-2015-5465 - Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager

CVE-2015-5465

Summary

Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call. <a href="https://cwe.mitre.org/data/definitions/123.html">CWE-123: Write-what-where Condition</a>

References

Vulnerable Configurations

cpe:2.3:a:sis:windows_vga_display_manager:6.14.10.3930:*:*:*:*:*:*:*
cpe:2.3:a:sis:windows_vga_display_manager:6.14.10.3930:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 09-10-2018 - 19:57)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
exploit-db	38054
fulldisc	20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
misc	http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt

Last major update

09-10-2018 - 19:57

Published

16-09-2015 - 18:59

Last modified

09-10-2018 - 19:57