CVE-2015-2417 : OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows

OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416.

Published 2015-07-14 22:59:10

Updated 2019-05-08 22:03:16

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Input validationGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2015-2417

Probability of exploitation activity in the next 30 days: 2.60%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-2417

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2015-2417

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2417

http://www.securitytracker.com/id/1032906

Microsoft Windows OLE Input Validation Flaw Lets Local Users Gain Elevated Privileges in Certain Cases - SecurityTracker

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-075

Microsoft Security Bulletin MS15-075 - Important | Microsoft Docs

CVEs referencing this url

Products affected by CVE-2015-2417

Microsoft » Windows 2003 Server » Update SP2
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 Update SP2
cpe:2.3:o:microsoft:windows_2003_server:r2:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8 » Version: N/A
cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2 Standard Edition
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2 Datacenter Edition
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2 Essentials Edition
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
Matching versions
Microsoft » Windows Rt » Version: N/A
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-2417

Exploit prediction scoring system (EPSS) score for CVE-2015-2417

CVSS scores for CVE-2015-2417

CWE ids for CVE-2015-2417

References for CVE-2015-2417

Products affected by CVE-2015-2417