CVE-2015-2264

Name of the Vulnerable Software and Affected Versions Telerik Analytics Monitor Library versions prior to 3.2.125

Description The issue concerns untrusted search path vulnerabilities in certain DLL files within the Telerik Analytics Monitor Library. This could allow local users to gain privileges by utilizing a Trojan horse file, such as csunsapi.dll, swift.dll, nfhwcrhk.dll, or surewarehook.dll, placed in an unspecified directory.

Recommendations For versions prior to 3.2.125, update to version 3.2.125 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected DLL files EQATEC.Analytics.Monitor.Win32 vc100.dll and EQATEC.Analytics.Monitor.Win32 vc100-x64.dll to minimize the risk of exploitation. Avoid placing untrusted files in directories that could be used by the Telerik Analytics Monitor Library to load DLLs.