CVE-2013-3942

Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability...

Remote code execution

Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability...

CVE-2013-3942

Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability...

CVE-2013-3942

CVE-2013-3942 affects PotPlayer prior to 1.5.39659. The vulnerability is a DLL loading Arbitrary Code Execution vulnerability rooted in the way the player loads DLLs. Public references in the connected documents describe the impact as arbitrary code execution, with an indication of potential expl...

TrendMicro Anti-Threat Toolkit Improper Fix

Hi @ll, on September 29, 2019, John Page reported a remote code execution with escalation of privilege in TrendMicro's Anti-Threat Toolkit to its vendor. TrendMicro assigned CVE-2019-9491 to this vulnerability and told the reporter, his dog and the world on October 18, 2019, that they had fixed t...

PSF-2020-7 CVE-2020-8315: Unsafe DLL loading in getpathp.c on Windows 7

In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...

CVE-2019-17099

An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163...

CVE-2016-6590

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec...

CVE-2016-6590

A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec...

The vulnerability of the Endpoint Security Initial Client for Windows clients involves a lack of mechanisms for secure loading of DLL libraries, allowing attackers to exploit their privileges.

The vulnerability of Endpoint Security Initial Client for Windows involves a lack of a secure loading mechanism for DLL libraries. Exploiting this vulnerability allows an attacker to enhance their privileges by executing malicious software...

STAMP Workbench installer may insecurely load Dynamic Link Libraries

Overview STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely...

Cisco Webex Teams code Injection (CVE-2019-1636)

A remote code execution vulnerability exists in Cisco Webex Teams. The vulnerability is due to improper sanitation of user-supplied data which may be passed to the application as an option regarding the DLL loading path. Successful exploitation could result in code execution on the target machine...

Lenovo System Interface Foundation Unsigned DLL Loading Vulnerability

The Lenovo System Interface Foundation is a collection of system services, drivers and plug-ins that support Lenovo Vantage applications. An unsigned DLL loading vulnerability exists in Lenovo System Interface Foundation versions prior to 1.1.18.3. An attacker can exploit this vulnerability to lo...

CVE-2019-5695

NVIDIA GeForce Experience prior to 3.20.1 and Windows GPU Display Driver all versions contains a vulnerability in the local service provider component in which an attacker with local system and privileged access can incorrectly load Windows system DLLs without validating the path or signature als...

Adobe Animate CVE-2019-7960 DLL Loading Local Privilege Escalation Vulnerability

Description Adobe Animate is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Animate 19.2.1 and prior are vulnerable. Technologies Affected Adobe Animate 14.2.0.20 Adobe Animate 15.0.0.173 Adobe Animate 15.0.1.179 Adobe...

Electronic Arts Origin Client URI Handler Remote Code Execution (CVE-2019-12828)

A remote code execution vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option regarding the DLL loading path. A remote attacker could exploit the vulnerability by...

CVE-2019-6826

A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product...

CVE-2019-8461

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with...

CVE-2019-8461

CVE-2019-8461 – Check Point Endpoint Security Initial Client for Windows is a local privilege escalation vulnerability affecting versions prior to E81.30. The issue arises when the client loads a DLL placed in any PATH location on a clean image without the Endpoint Client installed, allowing an a...

CVE-2019-8461

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with...