VYPR

CWE-426

Untrusted Search Path

BaseStableLikelihood: High

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-38

CVEs mapped to this weakness (355)

page 6 of 18
  • CVE-2017-17809HigDec 20, 2017
    risk 0.51cvss 7.8epss 0.01

    In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this…

  • CVE-2017-16997HigDec 18, 2017
    risk 0.51cvss 7.8epss 0.03

    elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory,…

  • CVE-2017-11397HigDec 16, 2017
    risk 0.51cvss 7.8epss 0.02

    A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.

  • CVE-2017-16690HigDec 12, 2017
    risk 0.51cvss 7.8epss 0.01

    A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder…

  • CVE-2017-13070HigDec 11, 2017
    risk 0.51cvss 7.8epss 0.02

    A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.

  • CVE-2017-10893HigDec 8, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-17069HigDec 6, 2017
    risk 0.51cvss 7.8epss 0.02

    ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.

  • CVE-2017-10892HigDec 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-10891HigDec 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-8137HigNov 22, 2017
    risk 0.51cvss 7.8epss 0.01

    HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.

  • CVE-2017-4939HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

  • CVE-2017-10887HigNov 17, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-10885HigNov 13, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2016-6803HigNov 13, 2017
    risk 0.51cvss 7.8epss 0.02

    An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer…

  • CVE-2017-10825HigNov 2, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-15566HigNov 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.

  • CVE-2017-5996HigOct 26, 2017
    risk 0.51cvss 7.8epss 0.01

    The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.

  • CVE-2017-10865HigOct 12, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863.

  • CVE-2017-10864HigOct 12, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-10863HigOct 12, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865.