ID CVE-2015-1758
Summary Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka "Windows LoadLibrary EoP Vulnerability." CWE-426: Untrusted Search Path https://cwe.mitre.org/data/definitions/426.html
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:x86:*
  • cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 12-10-2018 - 22:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS15-063
bulletin_url
date 2015-06-09T00:00:00
impact Elevation of Privilege
knowledgebase_id 3063858
knowledgebase_url
severity Important
title Vulnerability in Windows Kernel Could Allow Elevation of Privilege
refmap via4
bid 75004
jvn JVN#18146081
jvndb JVNDB-2015-000086
sectrack 1032527
Last major update 12-10-2018 - 22:09
Published 10-06-2015 - 01:59
Last modified 12-10-2018 - 22:09
Back to Top