Vulnerability Description
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toshiba | Bluetooth Stack | 9.10.27\(t\) |
| Microsoft | Windows | All versions |
| Toshiba | Service Station | <= 2.2.13 |
References
- http://jvn.jp/vu/JVNVU99205169/index.html
- http://www.kb.cert.org/vuls/id/632140Third Party AdvisoryUS Government Resource
- http://www.securitytracker.com/id/1031825
- http://www.support.toshiba.com/sscontent?contentId=4007185
- http://www.support.toshiba.com/sscontent?contentId=4007187
- http://jvn.jp/vu/JVNVU99205169/index.html
- http://www.kb.cert.org/vuls/id/632140Third Party AdvisoryUS Government Resource
- http://www.securitytracker.com/id/1031825
- http://www.support.toshiba.com/sscontent?contentId=4007185
- http://www.support.toshiba.com/sscontent?contentId=4007187
FAQ
What is CVE-2015-0884?
CVE-2015-0884 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse applicati...
How severe is CVE-2015-0884?
CVE-2015-0884 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0884?
Check the references section above for vendor advisories and patch information. Affected products include: Toshiba Bluetooth Stack, Microsoft Windows, Toshiba Service Station.