CVE-2015-1496
Motorola Scanner SDK ScannerService.exe Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.
Motorola Scanner SDK utiliza permisos débiles para (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, y (3) ScannerService.exe, lo que permite a usuarios locales ganar privilegios a través de vectores no especificados.
This vulnerability allows local attackers to execute arbitrary code with elevated privileges on vulnerable installations of Motorola Scanner SDK. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the file permissions (ACLs) on an installed directory. ScannerService.exe is vulnerable to tampering by all users. A local attacker can leverage this vulnerability to raise privileges and execute code under the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-05 CVE Reserved
- 2015-02-10 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-15-035 | X_refsource_misc |
|
| http://www.zerodayinitiative.com/advisories/ZDI-15-036 | X_refsource_misc |
|
| http://www.zerodayinitiative.com/advisories/ZDI-15-037 | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.motorolasolutions.com/Support/US-EN/Resolution?solutionId=87666 | 2015-02-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Motorola Search vendor "Motorola" | Motorola Scanner Sdk Search vendor "Motorola" for product "Motorola Scanner Sdk" | - | - |
Affected
| ||||||