Published: 09/12/2015 Updated: 12/10/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 730

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows vista
microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows 7

Source: codegooglecom/p/google-security-research/issues/detail?id=514 It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the latest updates applied The attached POC document "plant ...

require 'zip' require 'base64' require 'msf/core' require 'rex/ole' class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::EXE def initialize(info = {}) super(update_info(info, 'Name' => 'Office OLE Multiple DLL Side Loading Vulnerabilities', 'Descri ...

CWE-20 http://www.securityfocus.com/bid/78612 https://www.exploit-db.com/exploits/38918/http://www.securitytracker.com/id/1034338 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132 https://nvd.nist.gov https://www.exploit-db.com/exploits/38918/

CVE-2015-6128

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect