Improper Input Validation

CVE-2015-6128

High

7.2/10

Summary

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

Access Complexity: LOW
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Advisory Timeline

Published Dec 09, 2015

Improper Input Validation

CVE-2015-6128

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS