CVE-2015-1674

Description

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka Windows Kernel Security Feature Bypass Vulnerability.

Risk Information

Base Score

5.5

MODERATE

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.865

Associated Vulnerability

Vulnerability	OS Platform
ms15-052: vulnerability in windows kernel could allow security feature bypass: may 12, 2015 for Windows 8 (KB3050514)	Windows
ms15-052: vulnerability in windows kernel could allow security feature bypass: may 12, 2015 for Windows 8.1 (KB3050514)	Windows
ms15-052: vulnerability in windows kernel could allow security feature bypass: may 12, 2015 for Windows 8 for x64-based Systems (KB3050514)	Windows
ms15-052: vulnerability in windows kernel could allow security feature bypass: may 12, 2015 for Windows Server 2012 (KB3050514)	Windows
ms15-052: vulnerability in windows kernel could allow security feature bypass: may 12, 2015 for Windows 8.1 for x64-based Systems (KB3050514)	Windows
ms15-052: vulnerability in windows kernel could allow security feature bypass: may 12, 2015 for Windows Server 2012 R2 (KB3050514)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-17797	Security Update for Windows 8 (KB3050514)
PATCH-17798	Security Update for Windows 8.1 (KB3050514)
PATCH-17799	Security Update for Windows 8 for x64-based Systems (KB3050514)
PATCH-17800	Security Update for Windows Server 2012 (KB3050514)
PATCH-17801	Security Update for Windows 8.1 for x64-based Systems (KB3050514)
PATCH-17802	Security Update for Windows Server 2012 R2 (KB3050514)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234