52 matches found
CVE-2023-47039 Perl: perl for windows binary hijacking vulnerability
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...
CVE-2023-46814
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM...
Design/Logic Flaw
A binary hijacking vulnerability exists within the VideoLAN VLC media player before 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYSTEM...
VideoLAN VLC media player security vulnerability
VideoLAN VLC media player is a free, open-source, cross-platform multimedia player and multimedia framework from VideoLAN, France. It supports playback of many kinds of media files, CD-ROMs, etc., and many audio and video formats such as WMV and MP3. A security vulnerability exists in VideoLA...
CVE-2023-46814
The vulnerability CVE-2023-46814 affects VideoLAN VLC media player on Windows prior to 3.0.19. The issue is a binary hijack where the uninstaller runs actions with elevated privileges from a standard-user-writable location, allowing arbitrary code execution as SYSTEM. Impact is elevated privilege...
CVE-2022-37173
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe...
Code injection
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe...
CVE-2022-37173
The CVE-2022-37173 entry describes a vulnerability in the gvim 9.0.0000 installer that allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. Affected component: the installer. Root cause: binary hijacking during installation. Impact: remote arbi...
Gvim security vulnerability
Gvim is an open-source version of Vim with a built-in GUI. A security vulnerability exists in Gvim version 9.0.0000. An attacker can exploit this vulnerability to execute arbitrary code via a binary hijacking attack on C:\Program.exe...
PT-2022-23854 · Vim · Gvim
Name of the Vulnerable Software and Affected Versions: gvim version 9.0.0000 Description: An issue in the installer of gvim allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. Recommendations: For gvim version 9.0.0000, consider restricting...
Embarcadero Technologies Dev-CPP code issue vulnerability
Embarcadero Technologies Dev-CPP is a free, all-in-one development environment for C/C++ development from Embarcadero Technologies, USA. A security vulnerability exists in Embarcadero Technologies Dev-CPP v6.3, which originates from binary hijacking. The vulnerability can be exploited to execute...
CVE-2021-32957
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is...
Design/Logic Flaw
A function in MDT AutoSave versions prior to v6.02.06 is used to retrieve system information for a specific process, and this information collection executes multiple commands and summarizes the information into an XML. This function and subsequent process gives full path to the executable and is...
CVE-2021-32957
The CVE-2021-32957 entry relates to MDT AutoSave prior to version 6.02.06, where a function used to retrieve process system information collects commands and formats results into XML and returns the full path to the executable. This creates a risk of binary hijacking (Uncontrolled Search Path Ele...