Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2015-1769

Published: 15/08/2015 Updated: 14/05/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate malicious users to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows rt -

microsoft windows rt 8.1 -

microsoft windows server 2012 r2

microsoft windows 8 -

microsoft windows vista -

microsoft windows server 2008 r2

microsoft windows 7 -

microsoft windows server 2008 -

microsoft windows server 2012 -

microsoft windows 8.1 -

Github Repositories

https://github.com/int0/CVE-2015-1769

PoC for CVE-2015-1769

CVE-2015-1769 PoC for CVE-2015-1769 VHD file to reproduce CVE-2015-1769 VHD doesn't contain actual payload only notepadexe Upon mounting inspect system log for reported blocked error if latest patch is installed Batch script shows how symbolic link was created that triggers the vulnerability same mechanism can be used to modify HDD or USB drive

Recent Articles

Microsoft Security Updates August 2015
Securelist • Kurt Baumgartner • 11 Aug 2015

Microsoft releases a new batch of fourteen security updates patching over fifty vulnerabilities today, with one of them known to be abused in targeted attacks. A large number of the vulnerabilities were reported by researchers from Google and their Project Zero, and HP’s Zero Day initiative. Meanwhile, a reflective discussion about the value of these offensive teams is laid out on offsec mailing lists. Currently being exploited in-the-wild, MS15-085 “Vulnerability in Mount Manager Could ...

Read more...

References

CWE-264http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspxhttp://www.securitytracker.com/id/1033244https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085https://nvd.nist.govhttps://github.com/int0/CVE-2015-1769https://securelist.com/microsoft-security-updates-august-2015/71796/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook