CVE Vulnerabilities

CVE-2015-0058

Double Free

Published: Feb 11, 2015 | Modified: May 14, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka Windows Cursor Object Double Free Vulnerability.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Windows_server_2012 Microsoft r2 r2
Windows_8.1 Microsoft - -
Windows_rt_8.1 Microsoft - -

Potential Mitigations

References