CVE-2015-0016

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue is related to a directory traversal vulnerability in the TS WebProxy component, which allows remote attackers to gain privileges via a crafted pathname in an executable file. This can lead to a transition from Low Integrity to Medium Integrity. The vulnerability is associated with insufficient checking of the pathname to a directory with restricted access.

Recommendations For Microsoft Windows versions prior to the fixed version, consider disabling the TS WebProxy component until a patch is available. Restrict access to the TS WebProxy component to minimize the risk of exploitation. Avoid using crafted pathnames in executable files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.