Vulnerability Details : CVE-2015-0008
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
Vulnerability category: Execute codeBypassGain privilege
Products affected by CVE-2015-0008
- cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0008
12.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0008
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.3
|
HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C |
6.5
|
10.0
|
NIST |
CWE ids for CVE-2015-0008
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0008
-
http://www.securitytracker.com/id/1031719
Microsoft Windows Group Policy Processing Error Lets Remote Users Execute Arbitrary Code in Certain Cases - SecurityTrackerThird Party Advisory;VDB Entry
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-011
Microsoft Security Bulletin MS15-011 - Critical | Microsoft DocsPatch;Vendor Advisory
-
http://www.kb.cert.org/vuls/id/787252
VU#787252 - Microsoft Windows domain-configured client Group Policy fails to authenticate serversThird Party Advisory;US Government Resource
-
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
2015 – Microsoft Security Response CenterPatch;Vendor Advisory
-
http://packetstormsecurity.com/files/155002/Microsoft-Windows-Server-2012-Group-Policy-Remote-Code-Execution.html
Microsoft Windows Server 2012 Group Policy Remote Code Execution ≈ Packet Storm
-
https://www.jasadvisors.com/additonal-jasbug-security-exploit-info/
JASBUG: Cutting Through the Fear Uncertainty and Doubt (FUD) | JAS Global AdvisorsThird Party Advisory
-
http://www.securityfocus.com/bid/72477
Microsoft Windows Group Policy CVE-2015-0008 Remote Code Execution VulnerabilityVDB Entry;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100426
Microsoft Windows Group Policy code execution CVE-2015-0008 Vulnerability ReportThird Party Advisory;VDB Entry
Jump to