Two remote code execution vulnerabilities in Microsoft Windows
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2015-0081 CVE-2015-0096 |
| CWE-ID | CWE-119 CWE-426 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Vulnerability #2 is being exploited in the wild. |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU5608
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-0081
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in Windows Text Services. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Windows: Vista - 8.1
Windows Server: 2003 - 2012
CPE2.3- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:RT:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
https://technet.microsoft.com/en-us/library/security/ms15-020.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Insecure dll. library loading
EUVDB-ID: #VU5609
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2015-0096
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the way Microsoft Windows parses shortcuts. A remote attacker can place a specially crafted .dll file along with an icon file on a remote SMB or WebDav share, trick the victim into opening that document and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website.
Windows: Vista - 8.1
Windows Server: 2003 - 2012
CPE2.3https://technet.microsoft.com/en-us/library/security/ms15-020.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
