Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-1417

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-23 Jan, 2017 | 21:00
Updated At-05 Aug, 2024 | 22:55
Rejected At-
Credits

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:23 Jan, 2017 | 21:00
Updated At:05 Aug, 2024 | 22:55
Rejected At:
▼CVE Numbering Authority (CNA)

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036936
vdb-entry
x_refsource_SECTRACK
http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
x_refsource_MISC
http://www.securityfocus.com/bid/93269
vdb-entry
x_refsource_BID
http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
x_refsource_MISC
http://www.securityfocus.com/archive/1/539579/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securitytracker.com/id/1036936
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/93269
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/539579/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1036936
vdb-entry
x_refsource_SECTRACK
x_transferred
http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/93269
vdb-entry
x_refsource_BID
x_transferred
http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/539579/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036936
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93269
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/539579/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:23 Jan, 2017 | 21:59
Updated At:20 Apr, 2025 | 01:37

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
snort
snort
>>snort>>2.9.7.0
cpe:2.3:a:snort:snort:2.9.7.0:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE ID: CWE-426
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txtpsirt@cisco.com
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.htmlpsirt@cisco.com
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/539579/100/0/threadedpsirt@cisco.com
N/A
http://www.securityfocus.com/bid/93269psirt@cisco.com
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036936psirt@cisco.com
Exploit
Third Party Advisory
VDB Entry
http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/539579/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/93269af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036936af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
Source: psirt@cisco.com
Resource:
Exploit
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
Source: psirt@cisco.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/539579/100/0/threaded
Source: psirt@cisco.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/93269
Source: psirt@cisco.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036936
Source: psirt@cisco.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/539579/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/93269
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036936
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

116Records found
CVE-2016-4900
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-evernoteEvernote
Product-evernoteEvernote for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-13102
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.72%
||
7 Day CHG~0.00%
Published-03 Jul, 2018 | 16:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.

Action-Not Available
Vendor-anydeskn/aMicrosoft Corporation
Product-windows_7anydeskn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-12245
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.37%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated.

Action-Not Available
Vendor-Symantec Corporation
Product-endpoint_protectionSymantec Endpoint Protection (SEP)
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-12449
Matching Score-4
Assigner-Naver Corporation
ShareView Details
Matching Score-4
Assigner-Naver Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 45.08%
||
7 Day CHG~0.00%
Published-11 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.

Action-Not Available
Vendor-navercorpNAVER Corporation
Product-whaleWhale Browser Installer
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0594
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-2.34% / 84.24%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-skypewindowsSkype for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-12589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.35% / 79.30%
||
7 Day CHG~0.00%
Published-28 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.

Action-Not Available
Vendor-polarisofficen/a
Product-polaris_office_2017n/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-10650
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-23 May, 2018 | 17:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenmobile_servern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0609
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-linecorpn/a
Product-linen/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0516
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-fletsNIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION
Product-address_selection_toolFLET'S v4 / v6 address selection tool
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1000201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.71%
||
7 Day CHG~0.00%
Published-22 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.

Action-Not Available
Vendor-ruby-ffi_projectn/aMicrosoft Corporation
Product-windowsruby-ffin/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0648
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-chatworkChatWork Co,. LTD.
Product-chatworkInstaller of ChatWork Desktop App for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0656
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-04 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group Corporation
Product-digital_paper_appThe installer of Digital Paper App
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0667
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 03:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-mncMICRONET CORPORATION
Product-inplc-rt_sdk_expressinplc_sdk_pro\+Installer of INplc SDK Express 3.08 and earlier and Installer of INplc SDK Pro+ 3.08 and earlier
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0624
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.06%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.

Action-Not Available
Vendor-yayoi-kkYayoi Co., Ltd.
Product-aoiro_shinkokukyuuyo_keisankokyaku_kanrikaikeihanbaikyuuyoMultiple Yayoi 17 Series products
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0596
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-2.34% / 84.24%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_communityThe installer of Visual Studio Community
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0597
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-2.34% / 84.24%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeThe installer of Visual Studio Code
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0593
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-2.34% / 84.24%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-onedriveThe installer of Microsoft OneDrive
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0620
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-logitechLogicool Co Ltd.
Product-game_softwarethe installer of LOGICOOL Game Software
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0580
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.03%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 13:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-The CELSYS, Inc.
Product-clip_studio_actionclip_studio_modelerclip_studio_paintCLIP STUDIO series
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0552
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 13:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. 5.1.26 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-securebrainSecureBrain Corporation
Product-phishwall_clientThe installer of PhishWall Client Firefox and Chrome edition for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0600
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.65%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group CorporationMicrosoft Corporation
Product-windowsplaymemories_homethe installer of PlayMemories Home for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0517
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.06%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-anshin_net_securityAnshin net security for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0592
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.44% / 79.93%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-onedriveMicrosoft OneDrive
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0540
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.06%
||
7 Day CHG~0.00%
Published-22 Mar, 2018 | 13:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-vix_projectK_OKADA
Product-vixViX
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0595
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-2.34% / 84.24%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft Corporation
Product-skypewindowsThe installer of Skype for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0515
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-16 Feb, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" version 1.5.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-fletsNIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION
Product-azukeru_backup_tool"FLET'S Azukeru Backup Tool"
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0621
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-logitechLogicool Co Ltd.
Product-connection_utility_softwarethe installer of LOGICOOL CONNECTION UTILITY SOFTWARE
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0623
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.21% / 43.06%
||
7 Day CHG~0.00%
Published-07 Sep, 2018 | 14:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products.

Action-Not Available
Vendor-yayoi-kkYayoi Co., Ltd.
Product-aoiro_shinkokukyuuyo_keisankokyaku_kanrikaikeihanbaikyuuyoMultiple Yayoi 17 Series products
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-11351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.90% / 74.70%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 20:53
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.

Action-Not Available
Vendor-teamspeakn/a
Product-teamspeakn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-10971
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.18%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 15:03
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories.

Action-Not Available
Vendor-omronn/a
Product-network_configurator_for_devicenet_safetyNetwork Configurator for DeviceNet Safety
CWE ID-CWE-426
Untrusted Search Path
CVE-2015-8264
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.44%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.

Action-Not Available
Vendor-n/aF-Secure Corporation
Product-f-secure_online_scannern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-17010
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.17% / 39.04%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Sony Group Corporation
Product-content_manager_assistantContent Manager Assistant for PlayStation
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-7239
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.42%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-
Product-atv71_dtmatv212_dtmatv_lift_dtmatv12_dtmatv32_dtmatv320_dtmatv600_dtmatv312_dtmatv340_dtmatv31_dtmatv61_dtmsomoveatv900_dtmSoMove
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6514
Matching Score-4
Assigner-Perforce
ShareView Details
Matching Score-4
Assigner-Perforce
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.27%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.

Action-Not Available
Vendor-Perforce Software, Inc. ("Puppet")Microsoft Corporation
Product-windowspuppetPuppet Agent
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-17980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.61% / 85.05%
||
7 Day CHG~0.00%
Published-15 Oct, 2018 | 19:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).

Action-Not Available
Vendor-nomachinen/a
Product-nomachinen/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-18367
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.65%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 19:22
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Action-Not Available
Vendor-Symantec Corporation
Product-endpoint_protection_managerSymantec Endpoint Protection Manager
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-16176
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.40%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-jaeaJapan Atomic Energy Agency
Product-mapping_toolInstaller of Mapping Tool
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-18369
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.65%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 16:55
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Action-Not Available
Vendor-Symantec Corporation
Product-endpoint_protection_cloudendpoint_protection_cloud_agentendpoint_protectionnorton_securitySymantec Endpoint Protection Small Business EditionNorton Security
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-5232
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.27%
||
7 Day CHG~0.00%
Published-02 Mar, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

Action-Not Available
Vendor-Rapid7 LLC
Product-nexposeNexpose
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-0619
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.63%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 17:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-glarysoftGlarysoft Ltd.
Product-glary_utilitiesInstaller of Glary Utilities
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-7327
Matching Score-4
Assigner-Yandex N.V.
ShareView Details
Matching Score-4
Assigner-Yandex N.V.
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.65%
||
7 Day CHG~0.00%
Published-19 Jan, 2018 | 17:00
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

Action-Not Available
Vendor-yandexYandex N.V.
Product-yandex_browserYandex Browser for Desktop
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-18519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.99%
||
7 Day CHG~0.00%
Published-19 Nov, 2018 | 08:00
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.

Action-Not Available
Vendor-bestxsoftwaren/a
Product-best_free_keyloggern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-7755
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.35%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-4939
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.17% / 39.09%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-workstationWorkstation
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-5235
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.96%
||
7 Day CHG~0.00%
Published-02 Mar, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.

Action-Not Available
Vendor-Rapid7 LLC
Product-metasploitMetasploit Pro
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2167
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.00%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.

Action-Not Available
Vendor-softbankSoftBank Corporation
Product-primedrive_desktop_applicationInstaller for PrimeDrive Desktop Application
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2229
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-douroshisetuNational Institute for Land and Infrastructure Management
Product-kihon_data_sakusei_systemDouroshisetu Kihon Data Sakusei System
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2225
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 67.87%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-mextMinistry of Education, Culture, Sports, Science and Technology (MEXT)
Product-ebidsettingcheckerEbidSettingChecker.exe
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2130
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.24%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-securebrainSecureBrain Corporation
Product-phishwall_clientThe installer of PhishWall Client Internet Explorer version
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2226
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.53%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-ntaNational Tax Agency
Product-e-taxSetup file of advance preparation for e-Tax software (WEB version)
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found