Design/Logic Flaw

2012-09-0610:41:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.7%

JSON

Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
secure_clientle9.23
secure_enterprise_clientle9.21
secure_entry_clientle9.23

Name	Operator	Version
secure_client	le	9.23
secure_enterprise_client	le	9.21
secure_entry_client	le	9.23

References

secunia.com/advisories/41388

www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_Statement_EN.pdf