924 matches found
CVE-2017-12414
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll...
Installer of Baidu IME may insecurely load Dynamic Link Libraries
Overview Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
InternetSoft FTP Commander Untrusted Search Path Vulnerability
InternetSoft FTP Commander is a Windows-based FTP client developed by InternetSoft. A security vulnerability exists in InternetSoft FTP Commander 8.02 and earlier versions. The vulnerability can be exploited by an attacker to hijack a DLL and execute code via a malicious dwmapi.dll file...
Denial of Service Vulnerability in CAJviewer, CAJ Cloud Reader
CAJviewer and CAJ Cloud Reader are specialized full-text format readers for China Journal Network. A denial of service vulnerability exists in CAJviewer, CAJ Cloud Reader when processing caj files. The latest version of ReaderEx.dll dynamic library function fails to determine whether the pointer ...
Installer of LhaForge may insecurely load Dynamic Link Libraries
Overview LhaForge is a file compression/decompression software. The installer of LhaForge contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with t...
Lhaz Installer Untrusted Search Path Vulnerability
Lhaz is a compression/decompression tool.Installer is one of the installers. An untrusted search path vulnerability exists in the installer in Lhaz 2.4.0 and earlier versions. An attacker can exploit this vulnerability to gain privileges with a malicious DLL in a directory...
CVE-2017-2268
Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2247
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Setup file of advance preparation untrusted search path vulnerability
Setup file of advance preparation is an installation file for a series of software released by the National Tax Agency NTA of Japan. An untrusted search path vulnerability exists in the Setup file of advance preparation installer. An attacker can exploit this vulnerability to gain privileges via ...
PT-2017-10721 · Audacity Team +1 · Audacity +1
Name of the Vulnerable Software and Affected Versions: Audacity versions 2.1.2 through 2.3.2 Description: The issue allows for arbitrary code execution due to Dll Hijacking in the avformat-55.dll. Recommendations: For Audacity versions 2.1.2 through 2.3.2, consider restricting access to the...
CVE-2017-2232
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft 4.8A and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2226
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software WEB version 1.17.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Microsoft IME may insecurely load Dynamic Link Libraries
Overview Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not...
Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
Overview Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. and BlackWingCat of Pink...
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
Overview Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications...
PatchJGD Installer Untrusted Search Path Vulnerability
PatchJGD is a coordinate exchange software package released by the Japan Geographic Institute GSI. An untrusted search path vulnerability exists in the installer PatchJGD101.EXE in PatchJGD version 1.0.1. An attacker can exploit this vulnerability to gain privileges with a malicious DLL in the...
PatchJGD (Hyoko) Installer Untrusted Search Path Vulnerability
PatchJGD Hyoko is a coordinate exchange software package released by the Japan Geographic Institute GSI. An untrusted search path vulnerability exists in the installer PatchJGDh101.EXE of PatchJGD Hyoko version 1.0.1. The vulnerability can be exploited to gain privileges via a malicious DLL in th...
CVE-2017-2206
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment may insecurely load Dynamic Link Libraries
Overview Installer of Houkokusyo Sakusei Shien Tool provided by Ministry of the Environment contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to...
Tera Term Installer Untrustworthy Search Path Vulnerability
Tera Term is a terminal emulator that supports serial ports, telnet and SSH connections.Installer is the installer of it. An untrustworthy search path vulnerability exists in the installer in Tera Term 4.94 and earlier versions. An attacker can exploit this vulnerability to gain privileges with t...