Tag
#windows
**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
**How could an attacker exploit this vulnerability?** An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.