MS15-117: Security Update for NDIS to Address Elevation of Privilege (3101722)

High Nessus Plugin ID 86824


The remote Windows host is affected by an elevation of privilege vulnerability.


The remote Windows host is affected by an elevation of privilege vulnerability in the Network Driver Interface Specification (NDIS) due to a failure to check the length of a buffer prior to copying it into memory. An authenticated, remote attacker can exploit this vulnerability, via a specially crafted application, to gain elevated privileges on the system.


Microsoft has released a set of patches for Windows Vista, 2008, 7, and 2008 R2.

See Also

Plugin Details

Severity: High

ID: 86824

File Name: smb_nt_ms15-117.nasl

Version: $Revision: 1.6 $

Type: local

Agent: windows

Published: 2015/11/10

Modified: 2017/07/24

Dependencies: 13855, 57033

Risk Information

Risk Factor: High


Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/11/10

Vulnerability Publication Date: 2015/11/10

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-6098

BID: 77473

OSVDB: 130057

MSFT: MS15-117

MSKB: 3101722

IAVA: 2015-A-0277