Vulnerabilities > CVE-2011-3503 - Unspecified vulnerability in Interactivedata Esignal 10.6.2425.1208

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

interactivedata

critical

NVD

Published: 2011-09-16

Updated: 2017-08-29

Summary

Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Interactivedata Interactivedata Esignal 10.6.2425.1208	1

References

http://osvdb.org/75458
http://secunia.com/advisories/45966
https://exchange.xforce.ibmcloud.com/vulnerabilities/69786