// For flags

CVE-2015-1484

 

Severity Score

6.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

Vulnerabilidad de ruta de búsqueda de Windows no citado en el agente en Symantec Workspace Streaming (SWS) 6.1 anterior a SP8 MP2 HF7 y 7.5 anterior a SP1 HF4, cuando AppMgrService.exe está configurado como servicio, permite a usuarios locales ganar privilegios a través de un fichero ejecutable troyano en el directorio %SYSTEMDRIVE%, tal y como fue demostrado por program.exe.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-02-05 CVE Reserved
  • 2015-04-22 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
 Workspace Streaming
Search vendor "Symantec" for product "Workspace Streaming"
 6.1
Search vendor "Symantec" for product "Workspace Streaming" and version "6.1"
sp8
Affected
Symantec
Search vendor "Symantec"
 Workspace Streaming
Search vendor "Symantec" for product "Workspace Streaming"
 7.5
Search vendor "Symantec" for product "Workspace Streaming" and version "7.5"
sp1
Affected