CVE-2015-0014

Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/61580
http://www.securityfocus.com/bid/71968
http://www.securitytracker.com/id/1031523
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/99517
https://exchange.xforce.ibmcloud.com/vulnerabilities/99518
http://secunia.com/advisories/61580
http://www.securityfocus.com/bid/71968
http://www.securitytracker.com/id/1031523
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/99517
https://exchange.xforce.ibmcloud.com/vulnerabilities/99518

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_8:-:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2012:-:gold::::::
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::x64::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::

History

21 Nov 2024, 02:22

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/61580 -~~	() http://secunia.com/advisories/61580 -
References	~~() http://www.securityfocus.com/bid/71968 -~~	() http://www.securityfocus.com/bid/71968 -
References	~~() http://www.securitytracker.com/id/1031523 -~~	() http://www.securitytracker.com/id/1031523 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/99517 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/99517 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/99518 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/99518 -

Information

Published : 2015-01-13 22:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-0014

Mitre link : CVE-2015-0014

CVE.ORG link : CVE-2015-0014

JSON object : View

Products Affected

microsoft

windows_server_2012
windows_server_2003
windows_server_2008
windows_7
windows_8
windows_vista
windows_8.1

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2015-0014", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-13T22:59:05.580", "references": [{"url": "http://secunia.com/advisories/61580", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/71968", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1031523", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99517", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99518", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/61580", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/71968", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031523", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-002", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99517", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99518", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows Telnet Service Buffer Overflow Vulnerability.\""}, {"lang": "es", "value": "Desbordamiento de buffer en el servicio Telnet en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, y Windows Server 2012 Gold y R2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes manipulados, tambi\u00e9n conocido como 'vulnerabilidad del desbordamiento de buffer del servicio Telnet de Windows.'"}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"}, {"criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F"}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB506484-7F0C-46BF-8EA6-4FB5AF454CED"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*", "vulnerable": true, "matchCriteriaId": "D29A1464-D228-4E0D-8FEA-06B9CBCA7F74"}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

10.0 /10