4 matches found
The installer of Microsoft Teams may insecurely load Dynamic Link Libraries
Overview The installer of Microsoft Teams contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting", thus there is no plan to release a...
WebEx Local Service Permissions Code Execution Exploit
This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...
The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries
Overview The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer CWE-427. Microsoft states that the root cause of this vulnerability is "Applicatio...
Process Hacker DLL Hijacking
Hi Wen Jia, You probably heart about the Java issue which affected their installer. http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html However this issue also affects multiple other installers as a security researcher has shown...