[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-6753Date: (C)2012-03-28   (M)2023-12-22


Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.2
Exploit Score: 1.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
MSKB-329308
SECUNIA-41984
BID-44484
http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html

CPE    5
cpe:/o:microsoft:windows_2000
cpe:/o:microsoft:windows_xp
cpe:/o:microsoft:windows_vista
cpe:/o:microsoft:windows_server_2008:-
...

© SecPod Technologies