Vulnerability Details : CVE-2015-2362
Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."
Vulnerability category: Execute code
Products affected by CVE-2015-2362
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2362
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2362
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-2362
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2362
-
http://www.securitytracker.com/id/1032897
Microsoft Hyper-V Lets Local Guest Users Gain Privileges on the Host System - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-068
Microsoft Security Bulletin MS15-068 - Critical | Microsoft Docs
Jump to