CVE-2015-2368

2015-07-1421:59:05

[email protected]

web.nvd.nist.gov

cve-2015-2368

microsoft

windows

untrusted search path vulnerability

remote code execution

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.4%

JSON

Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka “Windows DLL Remote Code Execution Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-sp1

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_server_2012Matchr2datacenter

microsoftwindows_server_2012Matchr2essentials

microsoftwindows_server_2012Matchr2standard

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2