CVE-2015-2264 : Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.W

Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b) swift.dll, (c) nfhwcrhk.dll, or (d) surewarehook.dll file in an unspecified directory.

Published 2015-03-13 01:59:34

Updated 2015-03-13 19:00:30

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2015-2264

Telerik » Analytics Monitor Library
Versions up to, including, (<=) 3.2.122
cpe:2.3:a:telerik:analytics_monitor_library:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2264

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2264

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2015-2264

http://www.kb.cert.org/vuls/id/794095

VU#794095 - Telerik Analytics Monitor Library allows DLL hijacking
Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2015-2264

Products affected by CVE-2015-2264

Exploit prediction scoring system (EPSS) score for CVE-2015-2264

CVSS scores for CVE-2015-2264

References for CVE-2015-2264