CVE-2015-1758

2015-06-1001:59:30

[email protected]

web.nvd.nist.gov

cve-2015-1758

untrusted search path

loadlibrary function

microsoft windows

privilege escalation

vulnerability

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.7%

JSON

Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka “Windows LoadLibrary EoP Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7sp1x64

microsoftwindows_7sp1x86

microsoftwindows_8Match-x64

microsoftwindows_8Match-x86

microsoftwindows_rtMatch-

microsoftwindows_server_2008sp2

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_server_2012Match-

microsoftwindows_vistasp2

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_rtmicrosoft windows rteq-
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_rt	microsoft windows rt	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_vista	microsoft windows vista	eq	*