CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2018-02-02
High
CVE-2018-6318

Vendor: Sophos
Software: Sophos tester
 

 
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.

 
2018-01-31
High
CVE-2018-6475

Vendor: Superantispyware
Software: Superantispyware
 

 
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.

 
2018-01-26
High
CVE-2018-0507

Vendor: Ntt-east
Software: Flet's virus...
 

 
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

 
2018-01-19
Medium
CVE-2017-7327

Vendor: Yandex
Software: Yandex browser
 

 
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

 
2018-01-17
Medium
CVE-2017-5696

Vendor: Intel
Software: Graphics driver
 

 
Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.

 
2018-01-07
Medium
CVE-2017-15913

Vendor: Navercorp
Software: Whale
 

 
The Installer in Whale allows DLL hijacking.

 
2017-12-27
Medium
CVE-2017-17010

Vendor: SONY
Software: Content mana...
 

 
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

 
2017-12-22
High
CVE-2017-10909

Vendor: SONY
Software: Music center
 

 
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

 
2017-12-20
Medium
CVE-2017-17809

Updating...
 

 
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.

 
2017-12-17
High
CVE-2017-16997

Vendor: GNU
Software: Glibc
 

 
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top