Home

CVE-2015-2529

Description

The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka Kernel ASLR Bypass Vulnerability.

Risk Information

Base Score
5.0
MODERATE
Vector
AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
3.285

Associated Vulnerability

VulnerabilityOS Platform
Cumulative Update for Windows 10 for x64-based Systems (KB3081455)Windows
Security Update for Windows Vista (KB3087039)Windows
Security Update for Windows Server 2008 (KB3087039)Windows
Security Update for Windows 7 (KB3087039)Windows
Security Update for Windows 8 (KB3087039)Windows
Security Update for Windows 8.1 (KB3087039)Windows
Security Update for Windows Vista for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2008 x64 Edition (KB3087039)Windows
Security Update for Windows 7 for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB3087039)Windows
Security Update for Windows 8 for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2012 (KB3087039)Windows
Security Update for Windows 8.1 for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2012 R2 (KB3087039)Windows
Security Update for Windows Vista (KB3087135)Windows
Security Update for Windows Server 2008 (KB3087135)Windows
Security Update for Windows Vista for x64-based Systems (KB3087135)Windows
Security Update for Windows Server 2008 x64 Edition (KB3087135)Windows
Security Update for Microsoft Office 2007 suites (KB3085546)Windows
Security Update for Microsoft Office 2010 (KB3085529) 32-Bit EditionWindows
Security Update for Microsoft Office 2010 (KB3085529) 64-Bit EditionWindows
Security Update for Skype for Business 2015 (KB3085500) 32-Bit EditionWindows
Security Update for Skype for Business 2015 (KB3085500) 64-Bit EditionWindows
Security Update for Microsoft Lync 2010 (32 -bit) (KB3081087)Windows
Security Update for Microsoft Lync 2010 Attendee (Admin level install) (KB3081089)Windows
Update of Wireshark (2.0.2)Windows
Update of Wireshark X64 (2.0.2)Windows
Multiple vulnerabilities are fixed in Update for WireShark for Mac (2.0.2)Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-18843Cumulative Update for Windows 10 for x64-based Systems (KB3081455)
PATCH-18851Security Update for Windows Vista (KB3087039)
PATCH-18852Security Update for Windows Server 2008 (KB3087039)
PATCH-18853Security Update for Windows 7 (KB3087039)
PATCH-18854Security Update for Windows 8 (KB3087039)
PATCH-18855Security Update for Windows 8.1 (KB3087039)
PATCH-18856Security Update for Windows Vista for x64-based Systems (KB3087039)
PATCH-18857Security Update for Windows Server 2008 x64 Edition (KB3087039)
PATCH-18858Security Update for Windows 7 for x64-based Systems (KB3087039)
PATCH-18859Security Update for Windows Server 2008 R2 x64 Edition (KB3087039)
PATCH-18860Security Update for Windows 8 for x64-based Systems (KB3087039)
PATCH-18861Security Update for Windows Server 2012 (KB3087039)
PATCH-18862Security Update for Windows 8.1 for x64-based Systems (KB3087039)
PATCH-18863Security Update for Windows Server 2012 R2 (KB3087039)
PATCH-18868Security Update for Microsoft Office 2007 suites (KB3085546)
PATCH-18869Security Update for Microsoft Office 2010 (KB3085529) 32-Bit Edition
PATCH-18870Security Update for Microsoft Office 2010 (KB3085529) 64-Bit Edition
PATCH-19003Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition
PATCH-19004Security Update for Skype for Business 2015 (KB3085500) 64-Bit Edition
PATCH-19007Security Update for Microsoft Lync 2010 Attendee (Admin level install) (KB3081089)
PATCH-302392Update of Wireshark (2.0.2)
PATCH-302393Update of Wireshark X64 (2.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234