Vulnerability Details : CVE-2015-3999
Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.
Vulnerability category: Information leak
Products affected by CVE-2015-3999
- cpe:2.3:a:piriform:ccleaner:4.15.4725:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.14.4707:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.13.4693:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.12.4657:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:3.27.1900:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:3.26.1888:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:5.02.5101:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:5.01.5075:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:5.00.5050:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.07.4369:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.06.4324:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.05.4250:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.04.4197:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.19.4867:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.17.4808:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.10.4570:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.08.4428:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.03.4151:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.01.4093:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:3.28.1913:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.18.4844:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.16.4763:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.11.4619:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.09.4471:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.02.4115:*:*:*:*:*:*:*
- cpe:2.3:a:piriform:ccleaner:4.00.4064:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3999
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3999
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2015-3999
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3999
-
http://www.securityfocus.com/bid/74714
Piriform CCleaner CVE-2015-3999 Arbitrary File Overwrite Vulnerability
-
http://seclists.org/fulldisclosure/2015/May/72
Full Disclosure: KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery
Jump to