| ID |
CVE-2015-6125
|
| Summary |
Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Use After Free Vulnerability." <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2012:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:*:gold:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 08-05-2019 - 22:03) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS15-127 | | bulletin_url | | | date | 2015-12-08T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 3100465 | | knowledgebase_url | | | severity | Critical | | title | Security Update for Microsoft Windows DNS to Address Remote Code Execution |
|
| refmap
via4
|
|
| Last major update |
08-05-2019 - 22:03 |
| Published |
09-12-2015 - 11:59 |
| Last modified |
08-05-2019 - 22:03 |
