FKIE_CVE-2015-3999

Vulnerability from fkie_nvd - Published: 2015-05-20 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.
References
cve@mitre.orghttp://seclists.org/fulldisclosure/2015/May/72
cve@mitre.orghttp://www.securityfocus.com/bid/74714
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/May/72
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74714
Impacted products
Vendor Product Version
piriform ccleaner 3.26.1888
piriform ccleaner 3.27.1900
piriform ccleaner 3.28.1913
piriform ccleaner 4.00.4064
piriform ccleaner 4.01.4093
piriform ccleaner 4.02.4115
piriform ccleaner 4.03.4151
piriform ccleaner 4.04.4197
piriform ccleaner 4.05.4250
piriform ccleaner 4.06.4324
piriform ccleaner 4.07.4369
piriform ccleaner 4.08.4428
piriform ccleaner 4.09.4471
piriform ccleaner 4.10.4570
piriform ccleaner 4.11.4619
piriform ccleaner 4.12.4657
piriform ccleaner 4.13.4693
piriform ccleaner 4.14.4707
piriform ccleaner 4.15.4725
piriform ccleaner 4.16.4763
piriform ccleaner 4.17.4808
piriform ccleaner 4.18.4844
piriform ccleaner 4.19.4867
piriform ccleaner 5.00.5050
piriform ccleaner 5.01.5075
piriform ccleaner 5.02.5101
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:3.26.1888:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DAC1AA-3F82-45C7-A2B6-29FB14AE0FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:3.27.1900:*:*:*:*:*:*:*",
              "matchCriteriaId": "D840239F-0C9F-4586-83C5-AB02958DD93B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:3.28.1913:*:*:*:*:*:*:*",
              "matchCriteriaId": "349A181E-0B45-4B8E-9A8D-CA4773B6E307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.00.4064:*:*:*:*:*:*:*",
              "matchCriteriaId": "3998EF54-775C-4ECD-922C-1EAB3485DDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.01.4093:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D3358F5-47FE-4552-A0E3-CC92F6EA6784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.02.4115:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDCA3BC8-14C3-4506-94E5-FE6E998196D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.03.4151:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71303B7-544F-4300-A531-EA6991111B88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.04.4197:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C69B5C-7586-4A4F-919C-75B6B166C3EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.05.4250:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C9F4E8-1173-4513-B379-9438630D1193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.06.4324:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD819CE5-0E05-4C32-AC10-34CFBC2D0FC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.07.4369:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2ABE6FE-AC6F-4DD2-B092-4F91E4E49FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.08.4428:*:*:*:*:*:*:*",
              "matchCriteriaId": "65EE2FAE-71E9-4230-8496-E74412370B24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.09.4471:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF67437-25C5-48AE-91D0-E4933E86AF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.10.4570:*:*:*:*:*:*:*",
              "matchCriteriaId": "13427C09-CFFB-47E5-84AD-154EE397A201",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.11.4619:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1037F48-8A62-4832-86E7-001A14D811E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.12.4657:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C869D71-62AB-42E9-BBB1-8868802685E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.13.4693:*:*:*:*:*:*:*",
              "matchCriteriaId": "E82D53EE-0535-4055-BB0C-025B00D352FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.14.4707:*:*:*:*:*:*:*",
              "matchCriteriaId": "6385F76D-C122-4EC3-9364-3282915E6129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.15.4725:*:*:*:*:*:*:*",
              "matchCriteriaId": "E113BB9A-72C3-4B1E-9FB9-006B7871F806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.16.4763:*:*:*:*:*:*:*",
              "matchCriteriaId": "08CC2F28-22F4-477A-B4AF-14B11CF3EE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.17.4808:*:*:*:*:*:*:*",
              "matchCriteriaId": "24B1B936-2F24-4088-8CBD-5C24F5C47625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.18.4844:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4318DC-A9E4-4D2F-9698-E72DD005122F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:4.19.4867:*:*:*:*:*:*:*",
              "matchCriteriaId": "53889D64-47B6-466B-8E4F-20EF376A4730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:5.00.5050:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9348C7A-76D9-4B30-AEE7-F60524E1D839",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:5.01.5075:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB724ED-7EA8-407A-851C-CDAC8A61519C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:piriform:ccleaner:5.02.5101:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28CC9B4-040D-4818-A651-2656953D337A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space."
    },
    {
      "lang": "es",
      "value": "Piriform CCleaner 3.26.0.1988 hasta 5.02.5101 escribe los nombres de ficheros en el disco cuando sobrescribe ficheros, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la b\u00fasqueda en espacios de disco no asignados."
    }
  ],
  "id": "CVE-2015-3999",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-20T18:59:07.200",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2015/May/72"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2015/May/72"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74714"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.