CVE-2015-0098

Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability."

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1032112
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-037

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_7::sp1:x64:::::
	cpe:2.3:o:microsoft:windows_7::sp1:x86:::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::

History

No history.

Information

Published : 2015-04-14 20:59

Updated : 2024-02-28 12:20

NVD link : CVE-2015-0098

Mitre link : CVE-2015-0098

CVE.ORG link : CVE-2015-0098

JSON object : View

Products Affected

microsoft

windows_7
windows_server_2008

CWE

CWE-264

Permissions, Privileges, and Access Controls

NVD-CWE-Other

{"id": "CVE-2015-0098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-14T20:59:00.077", "references": [{"url": "http://www.securitytracker.com/id/1032112", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-037", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}, {"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka \"Task Scheduler Elevation of Privilege Vulnerability.\""}, {"lang": "es", "value": "Task Scheduler en Microsoft Windows 7 SP1 y Windows Server 2008 R2 SP1 permite a usuarios locales ganar privilegios mediante la provocaci\u00f3n de laa ejecuci\u00f3n de aplicaciones por una tarea inv\u00e1lida, tambi\u00e9n conocido como 'vulnerabilidad de la elevaci\u00f3n de privilegios de Task Scheduler.'"}], "lastModified": "2018-10-12T22:08:26.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FA15D65-7C32-4C7A-9915-746AB3F454EE"}, {"criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "976EFC05-9B37-4661-AD34-4FFDB5AB48E0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"https://cwe.mitre.org/data/definitions/701.html\">CWE-701: Weaknesses Introduced During Design</a>", "sourceIdentifier": "secure@microsoft.com"}