Vulnerabilities > Untrusted Search Path

DATE CVE VULNERABILITY TITLE RISK
2015-09-26 CVE-2015-6305 Untrusted Search Path vulnerability in Cisco Anyconnect Secure Mobility Client
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279.
local
low complexity
cisco microsoft CWE-426
7.2
2015-05-14 CVE-2015-3987 Untrusted Search Path vulnerability in Mcafee EPO Deep Command 2.1/2.2
Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors.
local
low complexity
mcafee CWE-426
7.2
2015-03-11 CVE-2015-0096 Untrusted Search Path vulnerability in Microsoft products
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
network
microsoft CWE-426
critical
9.3
2014-04-08 CVE-2014-0315 Untrusted Search Path vulnerability in Microsoft products
Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
6.9
2012-09-07 CVE-2011-5158 Untrusted Search Path vulnerability in Datev Grundpaket Basis Cd23.20
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file.
network
datev CWE-426
critical
9.3
2012-09-07 CVE-2010-5250 Untrusted Search Path vulnerability in Pthread-Win32 Project Pthreads-Win32 2.8.0
Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory.
6.9
2012-06-09 CVE-2012-2040 Untrusted Search Path vulnerability in multiple products
Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.
network
adobe opensuse suse CWE-426
critical
9.3
2011-12-14 CVE-2011-2019 Untrusted Search Path vulnerability in Microsoft Internet Explorer 9
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
network
microsoft CWE-426
critical
9.3
2011-09-27 CVE-2011-3691 Untrusted Search Path vulnerability in Foxitsoftware Foxit Reader
Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.
network
foxitsoftware CWE-426
critical
9.3
2010-10-25 CVE-2010-3159 Untrusted Search Path vulnerability in Ponsoftware Explzh
Untrusted search path vulnerability in Explzh 5.67 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.
6.9