Microsoft » Windows Vista : Security Vulnerabilities, CVEs, Published In 2015 (Gain Privilege) CVSS score >= 8
CVE-2015-2509
Public exploit
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
Max CVSS
9.3
EPSS Score
97.35%
Published
2015-09-09
Updated
2019-05-15
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted application, aka "Windows Filesystem Elevation of Privilege Vulnerability."
Max CVSS
9.3
EPSS Score
0.25%
Published
2015-08-15
Updated
2019-05-15
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."
Max CVSS
9.3
EPSS Score
0.29%
Published
2015-08-15
Updated
2019-05-15
CVE-2015-0016
Known exploited
Public exploit
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
Max CVSS
9.3
EPSS Score
26.60%
Published
2015-01-13
Updated
2018-10-12
CISA KEV Added
2022-05-25
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
Max CVSS
8.3
EPSS Score
31.11%
Published
2015-02-11
Updated
2019-10-29
5 vulnerabilities found