VYPR

CWE-426

Untrusted Search Path

BaseStableLikelihood: High

Description

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-38

CVEs mapped to this weakness (241)

page 8 of 13
  • CVE-2017-2156HigApr 28, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.

  • CVE-2017-2130HigApr 28, 2017
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2108HigApr 28, 2017
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2107HigApr 28, 2017
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2016-4846HigApr 21, 2017
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2.

  • CVE-2017-3007HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.00

    Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.

  • CVE-2017-2983HigMar 14, 2017
    risk 0.51cvss 7.8epss 0.02

    Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege.

  • CVE-2017-6798HigMar 10, 2017
    risk 0.51cvss 7.8epss 0.02

    Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.

  • CVE-2017-5235HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.00

    Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5234HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.00

    Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5233HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.00

    Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2017-5232HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.00

    All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

  • CVE-2016-6167HigJan 30, 2017
    risk 0.51cvss 7.8epss 0.00

    Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.

  • CVE-2016-1281HigJan 23, 2017
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.

  • CVE-2016-10009HigJan 5, 2017
    risk 0.51cvss 7.3epss 0.01

    Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

  • CVE-2016-7085HigDec 29, 2016
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2016-7300HigDec 20, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability."

  • CVE-2016-9274HigNov 11, 2016
    risk 0.51cvss 7.8epss 0.00

    Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.

  • CVE-2016-0014HigJan 13, 2016
    risk 0.51cvss 7.8epss 0.03

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability."

  • CVE-2017-11657HigAug 4, 2017
    risk 0.50cvss 7.3epss 0.00

    Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.