Vulnerabilities > CVE-2015-0884 - Unspecified vulnerability in Toshiba Bluetooth Stack and Service Station

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

toshiba

microsoft

NVD

Published: 2015-02-28

Updated: 2015-11-19

Summary

Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. <a href="http://cwe.mitre.org/data/definitions/428.html">CWE-428: Unquoted Search Path or Element</a>

Vulnerable Configurations

Part	Description	Count
Application	Toshiba Toshiba Bluetooth Stack 9.10.27\(T\) Toshiba Service Station *	2
OS	Microsoft Microsoft Windows *	1

References

http://jvn.jp/vu/JVNVU99205169/index.html
http://www.kb.cert.org/vuls/id/632140
http://www.securitytracker.com/id/1031825
http://www.support.toshiba.com/sscontent?contentId=4007185
http://www.support.toshiba.com/sscontent?contentId=4007187