Main Vulnerability Database Vulnerabilities #VU40773

Information disclosure in CCleaner - CVE-2015-3999

Published: May 20, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40773

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-3999

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Piriform Ltd.

Affected software:
CCleaner

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.

How to mitigate CVE-2015-3999

Install update from vendor's website.

Sources

http://seclists.org/fulldisclosure/2015/May/72
http://www.securityfocus.com/bid/74714

Information disclosure in CCleaner - CVE-2015-3999

Detailed vulnerability description

How to mitigate CVE-2015-3999

Sources

Please verify you're human