CVE-2015-0084

The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
microsoftwindows_7
-
microsoftwindows_8
-
microsoftwindows_8.1
-
microsoftwindows_rt
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2012
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/72913
http://www.securitytracker.com/id/1031893
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-028
http://www.securityfocus.com/bid/72913
http://www.securitytracker.com/id/1031893
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-028