CVE-2015-2473 - Vulnerability Details - OpenCVE

Description

Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability."

Published: 2015-08-15

Score: 9.3 Critical

EPSS: 31.8% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_7:-:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_7:-:sp1:::::x86:*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.31771.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.securitytracker.com/id/1033242
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082

History

No history.

Subscriptions

Microsoft Windows 7 Windows Server 2008

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2015-08-15T00:00:00.000Z

Updated: 2024-08-06T05:17:27.000Z

Reserved: 2015-03-19T00:00:00.000Z

Link: CVE-2015-2473

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-08-15T00:59:33.017

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-2473

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka \"Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS15-082", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082"}, {"name": "1033242", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033242"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2015-2473", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka \"Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS15-082", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082"}, {"name": "1033242", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033242"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:17:27.000Z"}, "title": "CVE Program Container", "references": [{"name": "MS15-082", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082"}, {"name": "1033242", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033242"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2015-2473", "datePublished": "2015-08-15T00:00:00.000Z", "dateReserved": "2015-03-19T00:00:00.000Z", "dateUpdated": "2024-08-06T05:17:27.000Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "matchCriteriaId": "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "matchCriteriaId": "06BBFA69-94E2-4BAB-AFD3-BC434B11D106", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka \"Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad en la ruta de b\u00fasqueda no fiable en el cliente en Remote Desktop Protocol (RDP) hasta la versi\u00f3n 8.1 en Microsoft Windows 7 SP1 y Windows Server 2008 R2 SP1, permite a usuarios locales obtener privilegios a trav\u00e9s de un troyano DLL en el directorio de trabajo actual, seg\u00fan lo demostrado por un directorio que contiene un archivo .rdp, tambi\u00e9n conocida como 'Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability'."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/426.html\">CWE-426: Untrusted Search Path</a>\n\nPer the Microsoft advisory, \" In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted RDP file that is designed to exploit the vulnerability. An attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message.\"\n\nThis vulnerability has been assigned and Attack Vector of Remote.", "id": "CVE-2015-2473", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-15T00:59:33.017", "references": [{"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1033242"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-082"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}