MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
Medium Nessus Plugin ID 85334
SynopsisThe remote Windows host is affected by an information disclosure vulnerability.
DescriptionThe remote Windows host is affected by an information disclosure vulnerability when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode (EPM). An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in IE with EPM, and then executing Excel, Notepad, PowerPoint, Visio, or Word using an unsafe command line parameter.
SolutionMicrosoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.