Windows Search Path Vulnerability in Toshiba Bluetooth Stack and Service Station
CVE-2015-0884

Currently unrated

Key Information:

Vendor: Toshiba
Status: Bluetooth Stack
Vendor: CVE Published:; 28 February 2015

Summary

The vulnerability exists within the Toshiba Bluetooth Stack for Windows and Service Station due to the mishandling of unquoted search paths. When local users deploy a Trojan horse application that occupies a path name starting with an initial substring, a space character in the path can be exploited to gain elevated privileges. Users are advised to update to the latest versions of the affected products to mitigate this risk.

References

http://www.support.toshiba.com/sscontent?contentId=4007187

x_refsource_CONFIRM

http://www.securitytracker.com/id/1031825

vdb-entryx_refsource_SECTRACK

http://www.support.toshiba.com/sscontent?contentId=4007185

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 28, 2015
Vulnerability Reserved
Jan 8, 2015