Design/Logic Flaw

2012-09-0610:41:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in KeePass Password Safe before 2.13 allows local users to gain privileges via a Trojan horse DwmApi.dll file in the current working directory, as demonstrated by a directory that contains a .kdbx file. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
password_safele2.10
password_safeeq1.6

CPE	Name	Operator	Version
	password_safe	le	2.10
	password_safe	eq	1.6

References

secunia.com/advisories/41167

www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/

www.keepass.info/news/n100906_2.13.html