Vulnerability in PNG processing could allow information disclosure - MS15-024ID: oval:org.secpod.oval:def:23764 | Date: (C)2015-03-11 (M)2023-10-06 |
Class: PATCH | Family: windows |
The host is missing an important security update according to Microsoft security bulletin MS15-024. The update is required to fix an information disclosure vulnerability. A flaw is present which exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted PNG image format files. An attacker who successfully exploited this vulnerability would be able to read data which was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
Platform: |
Microsoft Windows Server 2003 |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows Server 2012 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |