Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2015-1725

Published: 10/06/2015 Updated: 15/05/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows rt 8.1 -

microsoft windows 7 -

microsoft windows vista -

microsoft windows server 2003 -

microsoft windows server 2003 r2

microsoft windows server 2012 -

microsoft windows server 2012 r2

microsoft windows 8.1 -

microsoft windows 8 -

microsoft windows server 2008 r2

microsoft windows rt -

microsoft windows server 2008 -

Exploits

Exploit DB: Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Source: codegooglecom/p/google-security-research/issues/detail?id=313 The PoC triggers a pool buffer overflow in win32k!vSolidFillRect ​When using Special Pool we get the crash immediately on the overwrite Without Special Pool we often get a crash in the same function, but sometimes it crashes in a different function (similar to anot ...
Exploit DB: Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Source: codegooglecom/p/google-security-research/issues/detail?id=312 This issue is very likely a null pointer issue affecting 32-bit Windows version The offset is from add onto another offset which isn't quite zero, so not 100% convinced it is just a null pointer, however I wasn't able to influence the values because it was very strai ...

References

CWE-119https://www.exploit-db.com/exploits/38271/https://www.exploit-db.com/exploits/38270/http://www.securitytracker.com/id/1032525https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061https://nvd.nist.govhttps://www.exploit-db.com/exploits/38270/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook