CVE-2015-0884

Summary

CVE	CVE-2015-0884
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-02-28 02:59:00 UTC
Updated	2015-11-19 17:00:00 UTC
Description	Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Microsoft	Windows	All	All	All	All
Operating System	Microsoft	Windows	All	All	All	All
Application	Toshiba	Bluetooth Stack	9.10.27(t)	All	All	All
Application	Toshiba	Bluetooth Stack	9.10.27\(t\)	All	All	All
Application	Toshiba	Bluetooth Stack	9.10.27\(t\)	All	All	All
Application	Toshiba	Service Station	All	All	All	All

References

Reference	Source	Link	Tags
Toshiba Bluetooth Stack Security Update	CONFIRM	www.support.toshiba.com
Toshiba Bluetooth Stack Untrusted Service Path Lets Local Users Gain System Privileges - SecurityTracker	SECTRACK	www.securitytracker.com
Vulnerability Note VU#632140 - Multiple Toshiba products are vulnerable to trusted service path privilege escalation	CERT-VN	www.kb.cert.org	Third Party Advisory, US Government Resource
Toshiba Service Station Security Update	CONFIRM	www.support.toshiba.com
JVNVU#99205169: Bluetooth Stack for Windows by Toshiba および TOSHIBA Service Station に権限昇格の脆弱性	MISC	jvn.jp
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.