Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-2175

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-22 May, 2017 | 16:00
Updated At-05 Aug, 2024 | 13:48
Rejected At-
Credits

Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:22 May, 2017 | 16:00
Updated At:05 Aug, 2024 | 13:48
Rejected At:
â–¼CVE Numbering Authority (CNA)

Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected Products
Vendor
INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product
Empirical Project Monitor - eXtended
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
textN/AUntrusted search path vulnerability
Type: text
CWE ID: N/A
Description: Untrusted search path vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ipa.go.jp/sec/info/20170519.html
x_refsource_CONFIRM
https://jvn.jp/en/jp/JVN12493656/index.html
third-party-advisory
x_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098
third-party-advisory
x_refsource_JVNDB
Hyperlink: https://www.ipa.go.jp/sec/info/20170519.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://jvn.jp/en/jp/JVN12493656/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098
Resource:
third-party-advisory
x_refsource_JVNDB
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.ipa.go.jp/sec/info/20170519.html
x_refsource_CONFIRM
x_transferred
https://jvn.jp/en/jp/JVN12493656/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: https://www.ipa.go.jp/sec/info/20170519.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN12493656/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:22 May, 2017 | 16:29
Updated At:13 May, 2026 | 00:24

Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches

ipa
ipa
>>empirical_project_monitor_-_extended>>-
cpe:2.3:a:ipa:empirical_project_monitor_-_extended:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE ID: CWE-426
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098vultures@jpcert.or.jp
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN12493656/index.htmlvultures@jpcert.or.jp
Third Party Advisory
VDB Entry
https://www.ipa.go.jp/sec/info/20170519.htmlvultures@jpcert.or.jp
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://jvn.jp/en/jp/JVN12493656/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://www.ipa.go.jp/sec/info/20170519.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://jvn.jp/en/jp/JVN12493656/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.ipa.go.jp/sec/info/20170519.html
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://jvn.jp/en/jp/JVN12493656/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.ipa.go.jp/sec/info/20170519.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

215Records found

CVE-2017-10820
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.13% / 62.44%
||
7 Day CHG~0.00%
Published-04 Aug, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-ipaH.Shirouzu / Asahi Net, Inc.
Product-ip_messengerInstaller of IP Messenger for Win
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-6019
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.76% / 50.58%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:16
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-stamp_workbenchSTAMP Workbench installer
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2220
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.91% / 55.65%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-casl_ii_simulatorInstaller of CASL II simulator(self-extract format)
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2128
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.60% / 72.78%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.

Action-Not Available
Vendor-information-technology_promotion_agencyINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-introduction_to_safe_website_operationSecurity guide for website operators
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-2100
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-6.3||MEDIUM
EPSS-0.96% / 57.08%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2181
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.51% / 71.28%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2182
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.51% / 71.28%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2179
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-2.33% / 81.41%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2099
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-6.3||MEDIUM
EPSS-1.50% / 71.18%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2012-5631
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.84% / 76.37%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:08
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ipa 3.0 does not properly check server identity before sending credential containing cookies

Action-Not Available
Vendor-freeipaipa
Product-freeipaipa
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2017-2102
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.77% / 51.06%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-2269
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-resume-nextTomoki Fuke
Product-filecapsule_deluxe_portableFileCapsule Deluxe Portable
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2802
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-1.17% / 63.48%
||
7 Day CHG-0.01%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.

Action-Not Available
Vendor-Dell Inc.
Product-precision_optimizerDell
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2247
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-chitoraChitora soft
Product-lhazSelf-extracting archive files created by Lhaz
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2267
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-resume-nextTomoki Fuke
Product-filecapsule_deluxe_portableFileCapsule Deluxe Portable
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2279
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.08% / 61.03%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-kiriKiri
Product-tweenTween
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2130
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.74% / 74.90%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-securebrainSecureBrain Corporation
Product-phishwall_clientThe installer of PhishWall Client Internet Explorer version
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-8461
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-7.8||HIGH
EPSS-1.12% / 62.31%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 20:41
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

Action-Not Available
Vendor-n/aCheck Point Software Technologies Ltd.
Product-capsule_docs_standalone_clientendpoint_securityremote_access_clientsCheck Point Endpoint Security Initial Client for Windows
CWE ID-CWE-114
Process Control
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-15295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.42% / 69.65%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 17:16
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path.

Action-Not Available
Vendor-n/aBitdefender
Product-antivirus_2020n/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2167
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.88% / 76.92%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.

Action-Not Available
Vendor-softbankSoftBank Corporation
Product-primedrive_desktop_applicationInstaller for PrimeDrive Desktop Application
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2232
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.08% / 61.03%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-mojThe Ministry of Justice
Product-shinseiyo_sogo_softInstaller of Shinseiyo Sogo Soft
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2268
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-resume-nextTomoki Fuke
Product-filecapsule_deluxe_portableEncrypted files in self-decryption format created by FileCapsule Deluxe Portable
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2266
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-resume-nextTomoki Fuke
Product-filecapsule_deluxe_portableEncrypted files in self-decryption format created by FileCapsule Deluxe Portable
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2227
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.91% / 55.58%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-charaminCharamin steering committee
Product-ompThe installer of Charamin OMP
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2218
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.73% / 49.89%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.
Product-windowsquicktimeInstaller of QuickTime for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-2249
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.37%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-chitoraChitora soft
Product-lhaz\+Self-extracting archive files created by Lhaz+
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-12569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-15.04% / 96.32%
||
7 Day CHG~0.00%
Published-03 Jun, 2019 | 00:50
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.

Action-Not Available
Vendor-rakutenn/a
Product-vibern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-12574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.11% / 79.53%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 19:55
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM.

Action-Not Available
Vendor-londontrustmedian/aMicrosoft Corporation
Product-private_internet_access_vpn_clientwindowsn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6475
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.96% / 57.33%
||
7 Day CHG~0.00%
Published-31 Jan, 2018 | 19:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.

Action-Not Available
Vendor-superantispywaren/a
Product-superantispywaren/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-10971
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-1.06% / 60.30%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 15:03
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories.

Action-Not Available
Vendor-omronn/a
Product-network_configurator_for_devicenet_safetyNetwork Configurator for DeviceNet Safety
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-1010100
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-7.8||HIGH
EPSS-1.33% / 67.63%
||
7 Day CHG~0.00%
Published-19 Jul, 2019 | 15:37
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order hijacking. The impact is: Arbitrary code execution WITH escalation of privilege. The component is: Executable installers, portable executables (ALL executables on the web site). The attack vector is: CAPEC-471, CWE-426, CWE-427.

Action-Not Available
Vendor-akeoAkeo Consulting
Product-rufusRufus
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-11748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 52.91%
||
7 Day CHG~0.00%
Published-30 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file.

Action-Not Available
Vendor-softonicn/a
Product-spider_playern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-0809
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.55% / 95.22%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:30
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2017Microsoft Visual Studio 2017
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-10821
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.24% / 65.50%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Action-Not Available
Vendor-METI (Agency for Natural Resources and Energy)
Product-shin_kikan_toukei_houkoku_data_nyuryokuyou_programInstaller for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30)
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-7884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.94% / 56.71%
||
7 Day CHG~0.00%
Published-05 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.

Action-Not Available
Vendor-displaylinkn/a
Product-core_software_cleanern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6318
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.05% / 60.14%
||
7 Day CHG~0.00%
Published-02 Feb, 2018 | 21:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-sophos_testern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6700
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.94% / 56.51%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
True Key (TK) - DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.

Action-Not Available
Vendor-McAfee, LLC
Product-true_keyTrue Key (TK)
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6661
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.81% / 52.51%
||
7 Day CHG~0.00%
Published-02 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TS102801 True Key DLL Side-Loading vulnerability

DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowstrue_keyTrue Key
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6514
Matching Score-4
Assigner-Perforce
ShareView Details
Matching Score-4
Assigner-Perforce
CVSS Score-7.8||HIGH
EPSS-0.85% / 53.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 20:00
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.

Action-Not Available
Vendor-Perforce Software, Inc. ("Puppet")Microsoft Corporation
Product-windowspuppetPuppet Agent
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.81% / 75.95%
||
7 Day CHG~0.00%
Published-05 Feb, 2018 | 07:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.

Action-Not Available
Vendor-march-haren/aMicrosoft Corporation
Product-windowswincvsn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-6306
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.8||HIGH
EPSS-2.65% / 83.78%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.

Action-Not Available
Vendor-Kaspersky Lab
Product-password_managerKaspersky Password Manager
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-7239
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-2.91% / 85.30%
||
7 Day CHG~0.00%
Published-09 Mar, 2018 | 23:00
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-
Product-atv71_dtmatv212_dtmatv_lift_dtmatv12_dtmatv32_dtmatv320_dtmatv600_dtmatv312_dtmatv340_dtmatv31_dtmatv61_dtmsomoveatv900_dtmSoMove
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-5003
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.87% / 90.98%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-windowscreative_cloudAdobe Creative Cloud Desktop Application before 4.5.5.342
CWE ID-CWE-426
Untrusted Search Path
CVE-2016-4846
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.8||HIGH
EPSS-1.47% / 70.68%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2.

Action-Not Available
Vendor-securebrainn/a
Product-phishwall_clientn/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-4927
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.65% / 88.24%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmac_os_xInDesign 13.0 and below
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-18367
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.8||HIGH
EPSS-1.66% / 73.72%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 19:22
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Endpoint Protection Manager (SEPM) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Action-Not Available
Vendor-Symantec Corporation
Product-endpoint_protection_managerSymantec Endpoint Protection Manager
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-17980
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-4.55% / 90.43%
||
7 Day CHG~0.00%
Published-15 Oct, 2018 | 19:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).

Action-Not Available
Vendor-nomachinen/a
Product-nomachinen/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-1888
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.24% / 65.67%
||
7 Day CHG~0.00%
Published-04 Jan, 2019 | 15:00
Updated-16 Sep, 2024 | 23:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted search path vulnerability in IBM i Access for Windows versions 7.1 and earlier on Windows can allow arbitrary code execution via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. IBM X-Force ID: 152079.

Action-Not Available
Vendor-IBM Corporation
Product-i_accessi Access for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-18519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.77% / 51.11%
||
7 Day CHG~0.00%
Published-19 Nov, 2018 | 08:00
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BestXsoftware Best Free Keylogger before 6.0.0 allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%\BFK 5.2.9\syscrb.exe" file because of insecure permissions for the BUILTIN\Users group.

Action-Not Available
Vendor-bestxsoftwaren/a
Product-best_free_keyloggern/a
CWE ID-CWE-426
Untrusted Search Path
CVE-2018-18369
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.8||HIGH
EPSS-2.38% / 81.86%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 16:55
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead.

Action-Not Available
Vendor-Symantec Corporation
Product-endpoint_protection_cloudendpoint_protection_cloud_agentendpoint_protectionnorton_securitySymantec Endpoint Protection Small Business EditionNorton Security
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found