MS15-069  Vulnerabilities in Windows Could Allow Remote Code Execution

2015-07-14 This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow Remote Code Execution if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open an RTF file or to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file. An attacker who successfully exploited the vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Vulnerabilities addressed in this bulletin:
Windows DLL Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows improperly handles the loading of dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2015-2368
DLL Planting Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows Media Device Manager improperly handles the loading of certain specially crafted DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE-2015-2369

Bulletin details at Microsoft.com

Related CVE Entries

CVE-2015-2368

Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability."
Max CVSS
6.9
EPSS Score
2.46%
Published
2015-07-14
Updated
2019-05-08

CVE-2015-2369

Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rtf file, aka "DLL Planting Remote Code Execution Vulnerability."
Max CVSS
6.9
EPSS Score
66.02%
Published
2015-07-14
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close