← Zuruck zu CVEs
CVE-2015-1769
MEDIUMCISA KEV6.6
Beschreibung
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
CVE Details
CVSS v3.1 Bewertung6.6
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorPHYSICAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht8/15/2015
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMicrosoft
ProduktWindows
SchwachstellennameMicrosoft Windows Mount Manager Privilege Escalation Vulnerability
KEV Aufnahmedatum2022-05-25
Behebungsfrist2022-06-15
Ransomware-NutzungUnknown
Betroffene Produkte
microsoft:windows_10microsoft:windows_7microsoft:windows_8microsoft:windows_8.1microsoft:windows_rtmicrosoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_vista
Schwachen (CWE)
CWE-264
Referenzen
http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx(secure@microsoft.com)
http://www.securitytracker.com/id/1033244(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085(secure@microsoft.com)
http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033244(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1769(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.