CVE-2018-1000201

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later...

CVE-2018-1000201

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later...

CVE-2018-1000201

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later...

CVE-2018-1000201

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later...

CVE-2018-1000201

CVE-2018-1000201 affects ruby-ffi ≤ 1.9.23, where a DLL loading issue can be hijacked on Windows when a Symbol is used as a DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later. IBM X-Force/OSV entries corroborate the issue and note the patch release. E...

CVE-2018-1000201

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later...

ruby-ffi DDL loading issue on Windows OS

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later...

Security Bulletin: IBM Tivoli Storage Manager FastBack Demo package on the Web Potential DLL Loading Code Execution Vulnerability (CVE-2016-5934 )

Summary IBM Tivoli Storage Manager FastBack Demo package on the Web contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. Vulnerability Details CVEID: CVE-2016-5934 DESCRIPTION: IBM Tivoli Storage Manager...

Foxit PhantomPDF Multiple Vulnerabilities (May 2018) - Windows

Foxit PhantomPDF is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:phantompdf";...

The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries

Overview The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer CWE-427. Microsoft states that the root cause of this vulnerability is "Applicatio...

Microsoft Office Patch Installer Has Multiple DLL Loading Remote Code Execution Vulnerabilities

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. Microsoft Office suffers from multiple DLL loading remote code execution vulnerabilities. An attacker could execute arbitrary code in the user environment of the affected application, and ...

KLA11237 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An unsafe DLL loading...

JVN#85056623: Installer of SoundEngine Free may insecurely load Dynamic Link Libraries

Installer of SoundEngine Free contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest installer...

Swisscom MySwisscomAssistant DLL Loading Vulnerability

Swisscom MySwisscomAssistant is a telecom network assistant program from Swisscom, Switzerland. The program helps to set up, maintain and manage the network. A security vulnerability exists in the handling of multiple DLLs files in Swisscom MySwisscomAssistant version 2.17.1.1065. A remote attack...

CVE-2018-6766

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that coul...

CVE-2018-6766

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that coul...

CVE-2018-6765

Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing...

IBM Notes DLL Loading Remote Code Execution Vulnerability

IBM Notes for Windows is a set of IBM's Windows-based platform for collaborative office software. The software has e-mail, calendar, scheduling and other office functions. A remote code execution vulnerability exists in IBM Notes for Windows. A remote attacker can cause a user to double-click on ...

Microsoft Windows Installer CVE-2018-0868 DLL Loading Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...

JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products

Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other applications may b...