Untrusted Search Path Vulnerabilities in Telerik Analytics Monitor Library
CVE-2015-2264

Currently unrated

Key Information:

Vendor: Telerik
Status: Analytics Monitor Library
Vendor: CVE Published:; 13 March 2015

What is CVE-2015-2264?

Multiple vulnerabilities exist in the Telerik Analytics Monitor Library that permit local users to exploit untrusted search paths. Specifically, these vulnerabilities affect the EQATEC.Analytics.Monitor.Win32_vc100.dll and EQATEC.Analytics.Monitor.Win32_vc100-x64.dll files. Malicious actors can utilize a Trojan horse to introduce malicious DLL files such as csunsapi.dll, swift.dll, nfhwcrhk.dll, or surewarehook.dll from a directory that is not secured, potentially leading to privilege escalation on the affected system.

References

http://www.kb.cert.org/vuls/id/794095

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2015
Vulnerability Reserved
Mar 9, 2015