Untrusted Search Path Vulnerability in Microsoft Windows Media Device Manager
CVE-2015-2369

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Server 2008; Windows 7; Windows Vista; Windows 2003 Server
Vendor: CVE Published:; 14 July 2015

What is CVE-2015-2369?

The untrusted search path vulnerability in Windows Media Device Manager affects several Windows operating systems and allows local users to exploit a weakness by embedding a Trojan horse DLL in the current working directory. This may lead to unauthorized privilege escalation, as the system might execute the malicious DLL rather than the legitimate one. The risk is particularly pressing when unverified files are accessible in directories containing .rtf files, facilitating potential remote code execution.

References

http://www.securitytracker.com/id/1032898

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2015
Vulnerability Reserved
Mar 19, 2015