Zero-day vulnerability in Windows

Insecure dll. library loading

According to Trustwave it is a zero-day.
Vulnerability CVE-2015-0096 is a continuation of CVE-2010-2568, which was believed to have been patched by MS10-046. However, it was not completely and we see this with MS15-018. At the time of the patch release there were fully functional exploits for this particular vulnerability.

Vulnerability details

Advisory: SB2015031002 - Two remote code execution vulnerabilities in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2015-0096

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-426 - Untrusted Search Path


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the way Microsoft Windows parses shortcuts. A remote attacker can place a specially crafted .dll file along with an icon file on a remote SMB or WebDav share, trick the victim into opening that document and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability was being actively exploited.

Public Exploits: