Untrusted Search Path Vulnerability in Microsoft Windows Media Device Manager
CVE-2015-2369

Currently unrated

Key Information:

Vendor

Microsoft
Status
Windows Server 2008
Windows 7
Windows Vista
Windows 2003 Server
Vendor
CVE Published:
14 July 2015

What is CVE-2015-2369?

The untrusted search path vulnerability in Windows Media Device Manager affects several Windows operating systems and allows local users to exploit a weakness by embedding a Trojan horse DLL in the current working directory. This may lead to unauthorized privilege escalation, as the system might execute the malicious DLL rather than the legitimate one. The risk is particularly pressing when unverified files are accessible in directories containing .rtf files, facilitating potential remote code execution.

References

http://www.securitytracker.com/id/1032898
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-2369 : Untrusted Search Path Vulnerability in Microsoft Windows Media Device Manager