Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka “Microsoft Silverlight Information Disclosure Vulnerability,” a different vulnerability than CVE-2015-6114.
Monthly Archives: December 2015
CVE-2015-6166 (silverlight)
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka “Microsoft Silverlight RCE Vulnerability.”
CVE-2015-6168 (edge)
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6153.
CVE-2015-6169 (edge)
Microsoft Edge misparses HTTP responses, which allows remote attackers to redirect users to arbitrary web sites via unspecified vectors, aka “Microsoft Edge Spoofing Vulnerability.”
CVE-2015-6170 (edge)
Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka “Microsoft Browser Elevation of Privilege Vulnerability.”
CVE-2015-6171 (windows_10, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Windows Kernel Memory Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-6173 and CVE-2015-6174.
CVE-2015-6172 (office, office_compatibility_pack, word)
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka “Microsoft Office RCE Vulnerability.”
CVE-2015-6173 (windows_10, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Windows Kernel Memory Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-6171 and CVE-2015-6174.
CVE-2015-6174 (windows_10, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Windows Kernel Memory Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2015-6171 and CVE-2015-6173.
CVE-2015-6175 (windows_10)
The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka “Windows Kernel Memory Elevation of Privilege Vulnerability.”