CVE-2015-6098

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1

Description The issue is caused by a buffer overflow in the Network Driver Interface Standard (NDIS) implementation, allowing local users to gain privileges via a crafted application. An elevation of privilege vulnerability exists when NDIS fails to check the length of a buffer prior to copying memory into it. To exploit the vulnerability, an attacker would first have to log on to the system.

Recommendations For Microsoft Windows Vista SP2, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows 7 SP1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the NDIS implementation until a patch is available.