Vulnerabilities > CVE-2012-1819 - DLL Loading Arbitrary Code Execution vulnerability in Wellintech Kingview 6.53

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

wellintech

critical

NVD

Published: 2012-05-02

Updated: 2017-12-14

Summary

Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-122-01.pdf 'This vulnerability is remotely exploitable but may require the use of social engineering to exploit.' Per: http://cwe.mitre.org/data/lists/426.html 'Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Wellintech Wellintech Kingview 6.53	1

References

http://en.wellintech.com/news/detail.aspx?contentid=168
http://www.securityfocus.com/bid/53316
http://www.us-cert.gov/control_systems/pdf/ICSA-12-122-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75309