Kaspersky Threats

Description

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities

Improper memory initialization can be exploited remotely via a specially designed TIFF, PNG or JXR image;
Incorrect impersonation handling can be exploited locally via processes manipulations, specially designed task, running AppCompatCache with specially designed DLL or specially designed application;
Directory traversal vulnerability can be exploited remotely via a specially designed executable file;
An unspecified vulnerability can be exploited locally via a specially designed application;
Lack of virtual stores restrictions can be exploited locally via a specially designed application;
An unknown vulnerability can be exploited remotely via vectors related to Windows Error Reporting;
Lack of domain restrictions can be exploited remotely via DNS and LDAP spoofing;
An unknown vulnerability can be exploited remotely via traffic sniffing;
An unknown vulnerability can be exploited remotely via vectors related to User Profile Service.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

CVE list

CVE-2015-0016
critical
CVE-2015-0062
high
CVE-2015-0015
high
CVE-2015-0061
warning
CVE-2015-0004
high
CVE-2015-0080
warning
CVE-2015-0006
high
CVE-2015-0005
warning
CVE-2015-0001
warning
CVE-2015-0075
high
CVE-2015-0073
high
CVE-2015-0002
high
CVE-2015-0076
warning
CVE-2015-0084
warning
CVE-2015-0011
warning

KB list

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Microsoft products