CVE-2015-2369

Published: Jul 14, 2015Modified: May 6, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rtf file, aka "DLL Planting Remote Code Execution Vulnerability."

Affected (5)

Products: Microsoft: Windows 2003 Server, Windows 7, Windows Server 2008, Windows Vista

4 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Vista	All versions

References (4)

http://www.securitytracker.com/id/1032898

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-069

Source: secure@microsoft.com

http://www.securitytracker.com/id/1032898

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-069

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.