CVE-2015-0008

CVE	CVE-2015-0008
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-02-11 03:00:00 UTC
Updated	2019-10-29 19:15:00 UTC
Description	The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."

Problem Types: CWE-284

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Microsoft	Windows 7	-	sp1	All	All
Operating System	Microsoft	Windows 7	-	sp1	All	All
Operating System	Microsoft	Windows 8	-	All	All	All
Operating System	Microsoft	Windows 8	-	All	All	All
Operating System	Microsoft	Windows 8.1	-	All	All	All
Operating System	Microsoft	Windows 8.1	-	All	All	All
Operating System	Microsoft	Windows Rt	-	All	All	All
Operating System	Microsoft	Windows Rt	-	All	All	All
Operating System	Microsoft	Windows Rt 8.1	-	All	All	All
Operating System	Microsoft	Windows Rt 8.1	-	All	All	All
Operating System	Microsoft	Windows Server 2003	-	sp2	All	All
Operating System	Microsoft	Windows Server 2003	-	sp2	All	All
Operating System	Microsoft	Windows Server 2008	-	sp2	All	All
Operating System	Microsoft	Windows Server 2008	r2	sp1	All	All
Operating System	Microsoft	Windows Server 2008	r2	sp1	All	All
Operating System	Microsoft	Windows Server 2008	-	sp2	All	All
Operating System	Microsoft	Windows Server 2008	r2	sp1	All	All
Operating System	Microsoft	Windows Server 2008	r2	sp1	All	All
Operating System	Microsoft	Windows Server 2012	-	All	All	All
Operating System	Microsoft	Windows Server 2012	r2	All	All	All
Operating System	Microsoft	Windows Server 2012	-	All	All	All
Operating System	Microsoft	Windows Server 2012	r2	All	All	All
Operating System	Microsoft	Windows Vista	-	sp2	All	All
Operating System	Microsoft	Windows Vista	-	sp2	All	All

Reference	Source	Link	Tags
Microsoft Windows Group Policy CVE-2015-0008 Remote Code Execution Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com	Third Party Advisory, VDB Entry
MS15-011 & MS15-014: Hardening Group Policy - Security Research & Defense - Site Home - TechNet Blogs	CONFIRM	blogs.technet.com	Patch, Vendor Advisory
Microsoft Windows Server 2012 Group Policy Remote Code Execution ≈ Packet Storm	MISC	packetstormsecurity.com
Microsoft Security Bulletin MS15-011 - Critical \| Microsoft Docs	MS	docs.microsoft.com	Patch, Vendor Advisory
Microsoft Windows Group Policy Processing Error Lets Remote Users Execute Arbitrary Code in Certain Cases - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
JASBUG: Cutting Through the Fear Uncertainty and Doubt (FUD) \| JAS Global Advisors	MISC	www.jasadvisors.com	Third Party Advisory
Vulnerability Note VU#787252 - Microsoft Windows domain-configured client Group Policy fails to authenticate servers	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.