Remote Code Execution Vulnerability in SolarWinds Server and Application Monitor
CVE-2015-1501

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Server And Application Monitor
Vendor: CVE Published:; 16 February 2015

What is CVE-2015-1501?

The factory.loadExtensionFactory function in the TSUnicodeGraphEditorControl component of SolarWinds Server and Application Monitor permits remote attackers to execute arbitrary code. This is achieved by manipulating a UNC path that points to a specially crafted binary, leading to significant security risks for affected systems.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-043/

x_refsource_MISC

EPSS Score

20% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2015
Vulnerability Reserved
Feb 5, 2015

Solarwinds

What is CVE-2015-1501?

References

EPSS Score

Timeline