CVE-2015-8264 Information

Description

Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2016/Mar/64 http://www.securityfocus.com/archive/1/537803/100/0/threaded http://www.securityfocus.com/bid/79657 https://www.f-secure.com/en/web/labs_global/fsc-2015-4

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8