Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
Published 2015-03-11 10:59:23
Updated 2019-05-14 19:47:14
View at NVD,   CVE.org
Vulnerability category: File inclusionExecute code

Products affected by CVE-2015-0096

Exploit prediction scoring system (EPSS) score for CVE-2015-0096

97.25%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-0096

  • Microsoft Windows Shell LNK Code Execution
    Disclosure Date: 2015-03-10
    First seen: 2020-04-26
    exploit/windows/fileformat/ms15_020_shortcut_icon_dllloader
    This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates the required files to exploit the vulnerability. They must be uplo
  • Microsoft Windows Shell LNK Code Execution
    Disclosure Date: 2015-03-10
    First seen: 2020-04-26
    exploit/windows/smb/ms15_020_shortcut_icon_dllloader
    This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a L

CVSS scores for CVE-2015-0096

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST

CWE ids for CVE-2015-0096

  • The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-0096

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!