CVE-2015-1769

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.6 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_7
-
microsoftwindows_8
-
microsoftwindows_8.1
-
microsoftwindows_rt
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_vista
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx
http://www.securitytracker.com/id/1033244
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085
http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx
http://www.securitytracker.com/id/1033244
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1769