Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2011-10-28 CVE-2011-3640 Untrusted Search Path vulnerability in Google Chrome
** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory.
network
high complexity
google CWE-426
7.1
2011-09-27 CVE-2011-3691 Untrusted Search Path vulnerability in Foxitsoftware Foxit Reader
Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.
network
foxitsoftware CWE-426
critical
9.3
2010-10-25 CVE-2010-3159 Untrusted Search Path vulnerability in Ponsoftware Explzh
Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
6.9
2010-08-31 CVE-2010-3190 Untrusted Search Path vulnerability in multiple products
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html CWE-426: Untrusted Search Path
network
apple microsoft CWE-426
critical
9.3
2009-01-28 CVE-2009-0314 Untrusted Search Path vulnerability in multiple products
Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
6.9