CVE-2020-15264

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15264
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15264.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15264
Related
  • GHSA-rpgx-h675-r3jf
Published
2020-10-20T21:15:12Z
Modified
2025-10-15T12:03:43.032136Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for, for example WptsExtensions.dll. When Windows starts, it will execute the code in DllMain() with SYSTEM privileges. As a result, any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0.

Affected packages

Git / github.com/chocolatey/boxstarter

Affected ranges

Type
GIT
Repo
https://github.com/chocolatey/boxstarter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1

1.*

1.0
1.1

2.*

2.0
2.1
2.10
2.12
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9

v2.*

v2.10.0
v2.10.3
v2.11.0
v2.12.0
v2.4.110
v2.4.123
v2.4.128
v2.4.146
v2.4.149
v2.4.152
v2.4.157
v2.4.159
v2.4.180
v2.4.183
v2.4.188
v2.4.196
v2.4.205
v2.4.209
v2.4.93
v2.5.1
v2.5.10
v2.5.19
v2.5.21
v2.5.3
v2.6.0
v2.6.16
v2.6.2
v2.6.20
v2.6.25
v2.6.41
v2.7.0
v2.8.0
v2.8.12
v2.8.18
v2.8.21
v2.8.27
v2.8.29
v2.9.0
v2.9.1
v2.9.14
v2.9.2
v2.9.24
v2.9.26
v2.9.3
v2.9.5