- Home
- CVEs with nessus.description==The+remote+Windows+host+is+affected+by+multiple+vulnerabilities+%3A%0A%0A++-+Multiple+remote+code+execution+vulnerabilities+exist+due+++++to+the+Windows+Adobe+Type+Manager+Library+not+properly+++++handling+specially+crafted+OpenType+fonts.+An+attacker+++++can+exploit+these%2C+by+using+a+crafted+document+or+web+++++page+with+embedded+OpenType+fonts%2C+to+execute+arbitrary+++++code+in+the+context+of+the+current+user.+%28CVE-2015-2432%2C+++++CVE-2015-2458%2C+CVE-2015-2459%2C+CVE-2015-2460%2C+++++CVE-2015-2461%2C+CVE-2015-2462%29%0A%0A++-+Multiple+remote+code+execution+vulnerabilities+exist+in+++++various+components+of+Windows%2C+.NET+Framework%2C+Office%2C+++++Lync%2C+and+Silverlight+due+to+a+failure+to+properly+handle+++++TrueType+fonts.+An+attacker+can+exploit+these%2C+by+using+++++a+crafted+document+or+web+page+with+embedded+TrueType+++++fonts%2C+to+execute+arbitrary+code+in+the+context+of+the+++++current+user.+%28CVE-2015-2435%2C+CVE-2015-2455%2C+++++CVE-2015-2456+CVE-2015-2463%2C+CVE-2015-2464%29%0A%0A++-+A+remote+code+execution+vulnerability+exists+due+to+++++Microsoft+Office+not+properly+handling+Office+Graphics+++++Library+%28OGL%29+fonts.+An+attacker+can+exploit+this%2C+by+++++using+a+crafted+document+or+web+page+with+embedded+OGL+++++fonts%2C+to+execute+arbitrary+code+in+the+context+of+the+++++user.+%28CVE-2015-2431%29%0A%0A++-+A+security+feature+bypass+vulnerability+exists+due+to+++++a+failure+by+the+Windows+kernel+to+properly+initialize+++++a+memory+address.+An+attacker%2C+using+a+specially+crafted+++++application%2C+can+exploit+this+issue+to+bypass+Kernel+++++Address+Space+Layout+Randomization+%28KASLR%29+and+retrieve+++++the+base+address+of+the+kernel+driver.+%28CVE-2015-2433%29%0A%0A++-+An+elevation+of+privilege+vulnerability+exists+due+to+++++a+flaw+in+the+Windows+Client%2FServer+Run-time+Subsystem+++++%28CSRSS%29+when+terminating+a+process+when+a+user+logs+off.%0A++++An+attacker+can+exploit+this+vulnerability+to+run+code+++++that+monitors+the+actions+of+users+who+log+on+to+the+++++system%2C+allowing+the+disclosure+of+sensitive+information+++++which+could+be+used+to+elevate+privileges+or+execute+++++code.+%28CVE-2015-2453%29%0A%0A++-+A+security+feature+bypass+vulnerability+exists+due+to+++++the+Windows+kernel-mode+driver+not+properly+validating+++++and+enforcing+impersonation+levels.+An+attacker+can+++++exploit+this+to+gain+elevated+privileges+on+a+targeted+++++system.+%28CVE-2015-2454%29%0A%0A++-+A+security+feature+bypass+vulnerability+exists+due+to+++++the+Windows+shell+not+properly+validating+and+enforcing+++++impersonation+levels.+An+attacker+can+exploit+this+to+++++bypass+impersonation-level+security+and+gain+elevated+++++privileges+on+a+targeted+system.+%28CVE-2015-2465%29
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top