Information Disclosure Vulnerability in Microsoft Windows Systems
CVE-2015-2367

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2003 Server; Windows Rt; Windows 8.1; Windows Server 2008
Vendor: CVE Published:; 14 July 2015

Summary

The win32k.sys component in Microsoft Windows allows local users to access sensitive information from uninitialized memory locations. This vulnerability can be exploited by crafting specific applications that interact with the kernel-mode drivers, potentially leading to unauthorized data exposure.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1032904

vdb-entryx_refsource_SECTRACK

http://www.zerodayinitiative.com/advisories/ZDI-15-536

x_refsource_MISC

Timeline

Vulnerability published
Jul 14, 2015
Vulnerability Reserved
Mar 19, 2015