Vulnerabilities > CVE-2012-2753 - Unspecified vulnerability in Checkpoint products
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Nessus
| NASL family | Windows |
| NASL id | CHECKPOINT_ENDPOINT_RAC_DLL_LOADING.NASL |
| description | The version of Check Point Remote Access Client installed on the remote Windows host is earlier than E75.10 and is, therefore, reportedly affected by an insecure library loading vulnerability. If an attacker can trick a user on the affected system into opening a specially crafted file, they may be able to leverage this issue to execute arbitrary code subject to the user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 62076 |
| published | 2012-09-13 |
| reporter | This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/62076 |
| title | Check Point Remote Access Client Insecure Library Loading |