CVE-2015-2368

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 7 SP1 through 8.1 Microsoft Windows Server versions 2008 R2 SP1 through 2012 R2

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. A remote code execution vulnerability exists when Microsoft Windows improperly handles the loading of dynamic link library (DLL) files. An attacker who successfully exploited the issue could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. To exploit the issue, an attacker would first have to place a specially crafted DLL file in the target user’s current working directory and then convince the user to launch a program that is designed to load a trusted DLL file but instead loads the attacker’s specially crafted DLL file.

Recommendations For Microsoft Windows versions 7 SP1 through 8.1, restrict access to the current working directory to minimize the risk of exploitation. For Microsoft Windows Server versions 2008 R2 SP1 through 2012 R2, avoid loading untrusted DLL files until a patch is available. As a temporary workaround, consider disabling the loading of DLL files from the current working directory until a patch is available.