An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.
In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin.
Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21679.
Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21678.
Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.
Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1.
DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device.
Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory.
Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21540.
Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21680.
Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.