CVE-2017-12314

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to...

CVE-2017-13676

Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a...

Installer and self-extracting archive containing the installer of "Security Setup Tool" may insecurely load Dynamic Link Libraries

Overview The installer and the self-extracting archive containing the installer of "Security Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of...

Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries

Overview Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to...

Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries

Overview Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

About the security content of iCloud for Windows 6.0.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVE-2016-7275

Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...

About the security content of iCloud for Windows 6.0.1

About the security content of iCloud for Windows 6.0.1 This document describes the security content of iCloud for Windows 6.0.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

About the security content of iTunes 12.4 - Apple Support

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...

About the security content of iTunes 12.4

About the security content of iTunes 12.4 This document describes the security content of iTunes 12.4. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To...

CVE-2016-0016

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL...

OPC Systems.NET Local Privilege Vulnerability

OPC Systems.NET is a complete suite of products from the OPC Foundation of America that provides all . A local elevation of privilege vulnerability exists in OPC Systems.NET 8.00.0023 and earlier versions, which stems from the program failing to properly load a Dynamic Link Library DLL file. An...

Mozilla Firefox/Firefox ESR/Thunderbird DLL Load Arbitrary Code Execution Vulnerability

Mozilla Firefox/Thunderbird is a web browser/email client released by Mozilla. An arbitrary code execution vulnerability exists in the Mozilla Firefox/Firefox ESR/Thunderbird DLL loading, which can be exploited by an attacker to execute arbitrary code in the context of a user of an affected...

CorelCAD 'TD_Mgd_3.08_9.dll' DLL Loading Arbitrary Code Execution Vulnerability

CorelCAD is a 3D drawing software. An arbitrary code execution vulnerability exists in CorelCAD 'TDMgd3.089.dll' DLL loading due to CorelCAD failing to properly load the 'TDMgd3.089.dll' file. Allows an attacker to construct a malicious DLL file that loads arbitrary code in the context of the...

Autodesk AutoCAD < 2014 Multiple Vulnerabilities

The remote host has a version of Autodesk AutoCAD installed prior to AutoCAD 2014. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling FAS files that could allow execution of arbitrary VBScript code. CVE-2014-0818 - An error exists relat...

Wireshark multiple security vulnerabilities

DoS on different protocols dissectors, unsafe dynamic library loading...

TeraPad may insecurely load dynamic libraries

Overview TeraPad may use unsafe methods for determining how to load DLLs. TeraPad is a text editor. TeraPad loads certain DLL's when TXT files are opened. TeraPad contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Makoto Shiotsuki reported this...

Windows print spooler multiple security vulnerabilities

Buffer overflow, unauthorized files access, privilege escalation with dynamic library loading...

FreeBSD : cyrus-sasl -- dynamic library loading and set-user-ID applications (92268205-1947-11d9-bc4a-000c41e2cdad)

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASLPATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application such as chsh...

Adobe Acrobat / Reader multiple security vulnerabilities

Multiple buffer overflows and integer overflows, unsafe methods, unsafe dynamic library loading...