CVE-2015-6128

Published: Dec 9, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

Affected (5)

Products: Microsoft: Windows 7, Windows Server 2008, Windows Vista

3 products

Windows Server 2008

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Vista	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://www.securityfocus.com/bid/78612

Source: secure@microsoft.com

http://www.securitytracker.com/id/1034338

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132

Source: secure@microsoft.com

https://www.exploit-db.com/exploits/38918/

Source: secure@microsoft.com

http://www.securityfocus.com/bid/78612

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034338

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/38918/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.