3 matches found
CVE-2017-2246
The CVE-2017-2246 entry concerns Lhaz Installer (version 2.4.0 and earlier). The vulnerability is an untrusted search path that allows an attacker to gain privileges by placing a Trojan DLL in an unspecified directory, enabling arbitrary code execution with the invoking user’s privileges via the ...
CVE-2017-2246
Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
JVN#21369452: Installers of Lhaz and Lhaz+, and Self-Extracting Archives created by Lhaz or Lhaz+ may insecurely load Dynamic Link Libraries
Lhaz and Lhaz+ provided by Chitora soft contain the following vulnerabilities. Installers of Lhaz and Lhaz+ insecurely load Dynamic Link Libraries CWE-427 - CVE-2017-2246, CVE-2017-2248 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H| Base Score: 7.8 CVSS...