CVE-2015-7358

Name of the Vulnerable Software and Affected Versions TrueCrypt version 7.0 VeraCrypt versions prior to 1.15 CipherShed (affected versions not specified)

Description The issue arises from the IsDriveLetterAvailable method in Driver/Ntdriver.c, which fails to properly validate drive letter symbolic links when running on Windows. This allows local users to mount an encrypted volume over an existing drive letter, potentially gaining privileges via an entry in the /GLOBAL?? directory.

Recommendations For TrueCrypt version 7.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For VeraCrypt versions prior to 1.15: Update to version 1.15 or later to resolve the issue. For CipherShed: At the moment, there is no information about a newer version that contains a fix for this vulnerability.