Home

CVE-2015-2546

Description

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka Win32k Memory Corruption Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.

Risk Information

Base Score
8.2
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
39.933

Associated Vulnerability

VulnerabilityOS Platform
Cumulative Update for Windows 10 for x64-based Systems (KB3081455)Windows
Security Update for Windows Vista (KB3087039)Windows
Security Update for Windows Server 2008 (KB3087039)Windows
Security Update for Windows 7 (KB3087039)Windows
Security Update for Windows 8 (KB3087039)Windows
Security Update for Windows 8.1 (KB3087039)Windows
Security Update for Windows Vista for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2008 x64 Edition (KB3087039)Windows
Security Update for Windows 7 for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB3087039)Windows
Security Update for Windows 8 for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2012 (KB3087039)Windows
Security Update for Windows 8.1 for x64-based Systems (KB3087039)Windows
Security Update for Windows Server 2012 R2 (KB3087039)Windows
Security Update for Windows Vista (KB3087135)Windows
Security Update for Windows Server 2008 (KB3087135)Windows
Security Update for Windows Vista for x64-based Systems (KB3087135)Windows
Security Update for Windows Server 2008 x64 Edition (KB3087135)Windows
Security Update for Microsoft Office 2007 suites (KB3085546)Windows
Security Update for Microsoft Office 2010 (KB3085529) 32-Bit EditionWindows
Security Update for Microsoft Office 2010 (KB3085529) 64-Bit EditionWindows
Security Update for Skype for Business 2015 (KB3085500) 32-Bit EditionWindows
Security Update for Skype for Business 2015 (KB3085500) 64-Bit EditionWindows
Security Update for Microsoft Lync 2010 (32 -bit) (KB3081087)Windows
Security Update for Microsoft Lync 2010 Attendee (Admin level install) (KB3081089)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-18843Cumulative Update for Windows 10 for x64-based Systems (KB3081455)
PATCH-18851Security Update for Windows Vista (KB3087039)
PATCH-18852Security Update for Windows Server 2008 (KB3087039)
PATCH-18853Security Update for Windows 7 (KB3087039)
PATCH-18854Security Update for Windows 8 (KB3087039)
PATCH-18855Security Update for Windows 8.1 (KB3087039)
PATCH-18856Security Update for Windows Vista for x64-based Systems (KB3087039)
PATCH-18857Security Update for Windows Server 2008 x64 Edition (KB3087039)
PATCH-18858Security Update for Windows 7 for x64-based Systems (KB3087039)
PATCH-18859Security Update for Windows Server 2008 R2 x64 Edition (KB3087039)
PATCH-18860Security Update for Windows 8 for x64-based Systems (KB3087039)
PATCH-18861Security Update for Windows Server 2012 (KB3087039)
PATCH-18862Security Update for Windows 8.1 for x64-based Systems (KB3087039)
PATCH-18863Security Update for Windows Server 2012 R2 (KB3087039)
PATCH-18868Security Update for Microsoft Office 2007 suites (KB3085546)
PATCH-18869Security Update for Microsoft Office 2010 (KB3085529) 32-Bit Edition
PATCH-18870Security Update for Microsoft Office 2010 (KB3085529) 64-Bit Edition
PATCH-19003Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition
PATCH-19004Security Update for Skype for Business 2015 (KB3085500) 64-Bit Edition
PATCH-19007Security Update for Microsoft Lync 2010 Attendee (Admin level install) (KB3081089)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234