Vulnerability Details CVE-2015-1769
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.16
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 7.2
Proposed Action
A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.
Ransomware Campaign
Unknown
References
- http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx
- http://www.securitytracker.com/id/1033244
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085
- http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx
- http://www.securitytracker.com/id/1033244
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085
Products affected by CVE-2015-1769
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_8:-
-
cpe:2.3:o:microsoft:windows_rt:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_vista:-