The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11 and is prone to untrusted search path vulnerability. A flaw is present in the application, which fails to handle a Trojan horse DLL in the default downloads directory. Successful exploitation allows local users to gain privileges.