Vulnerabilities > CVE-2014-9207 - DLL Loading Arbitrary Code Execution vulnerability in Cimon CmnView

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

cimon

NVD

Published: 2015-03-14

Updated: 2015-08-06

Summary

Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>

Vulnerable Configurations

Part	Description	Count
Application	Cimon Cimon Cmnview 2.14.0.1 Cimon Ultimateaccess 3.00 Cimon Ultimateaccess 3.01	3

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01