CVE-2015-2368 — Microsoft Windows Server 2008 vulnerability

4 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

7.1%

top 8.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedJul 14

Latest updateMay 14

Description

Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability."

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-8977-p8m2-4f75: Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday – July 2015↗2015-07-14

▶

Talos

Microsoft Patch Tuesday – July 2015↗2015-07-14

▶