Vigil@nce - Windows: six vulnerabilities of Win32k
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Win32k of Windows.
– Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2,
Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows
Vista.
– Severity: 2/4.
– Creation date: 15/07/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Windows.
An attacker can generate a memory corruption, in order to trigger
a denial of service, and possibly to run code. [severity:2/4;
CVE-2015-2363]
An attacker can generate a memory corruption, in order to trigger
a denial of service, and possibly to run code. [severity:2/4;
CVE-2015-2365]
An attacker can generate a memory corruption, in order to trigger
a denial of service, and possibly to run code. [severity:2/4;
CVE-2015-2366]
An attacker can bypass security features, in order to obtain
sensitive information about the memory. [severity:1/4;
CVE-2015-2367]
An attacker can bypass security features, in order to obtain
sensitive information about the memory. [severity:1/4;
CVE-2015-2381]
An attacker can bypass security features, in order to obtain
sensitive information about the memory. [severity:1/4;
CVE-2015-2382]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-six-vulnerabilities-of-Win32k-17363