CVE-2015-2416

Name of the Vulnerable Software and Affected Versions Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT Gold and 8.1

Description The issue allows remote attackers to gain privileges via crafted input. This can lead to a transition from Low Integrity to Medium Integrity. The vulnerabilities exist in Microsoft Windows OLE when it fails to properly validate user input. These vulnerabilities do not allow arbitrary code to be run on their own and would need to be used in conjunction with another vulnerability that allows remote code execution. An attacker who successfully exploits the vulnerabilities could allow a user with limited privileges on an affected system to execute code at a medium integrity level.

Recommendations For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Windows Vista SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 7 SP1, update to a version that includes the fix for this issue. For Microsoft Windows 8, update to a version that includes the fix for this issue. For Microsoft Windows 8.1, update to a version that includes the fix for this issue. For Microsoft Windows Server 2012 Gold and R2, update to a version that includes the fix for this issue. For Microsoft Windows RT Gold and 8.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of OLE until a patch is available.