256 matches found
JVN#29902403: Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact...
PT-2022-26842 · Foxit · Foxit Reader
Name of the Vulnerable Software and Affected Versions: Foxit Reader version 11.2.118.51569 Description: The issue allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path. This is due to an uncontrolled search path element in Foxit Software's...
Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries
Overview Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wit...
RealNetworks Real Player Security Vulnerability
RealNetworks Real Player is a cross-platform player from RealNetworks, Inc. for enjoying a wide variety of online audio and video material. A security vulnerability exists in RealNetworks Real Player version 20.1.0.312 and earlier versions, which can be exploited by an attacker to execute arbitra...
Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries
Overview Trend Micro Incorporated has released a security update for HouseCall for Home Networks. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact Installer of Trend Micro HouseCall for Home Networks contains an issue with the D...
JVN#60037444: Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Installer of Trend Micro Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use...
AttacheCase may insecurely load Dynamic Link Libraries
Overview AttacheCase may insecurely load Dynamic Link Libraries. AttacheCase is an open source file encryption software provided by HiBARA Software. AttacheCase contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Taizoh Tsukamoto of...
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A local attacker may obtain the administrative privilege when the product's...
McAfee TechCheck Code Issues Vulnerabilities
McAfee TechCheck is a software from McAfee USA to keep your computer running smoothly. It is used to diagnose machine problems. A code issue vulnerability exists in versions prior to McAfee TechCheck 4.0.0.2 that allows local administrators to load their own Dynamic Link Library DLL to gain...
CVE-2021-40161
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version...
PT-2021-15549 · Ajaxpro · Ajaxpro
Name of the Vulnerable Software and Affected Versions: ajaxpro.2 versions prior to 21.11.29.1 Description: The issue is related to Deserialization of Untrusted Data, which can be abused to gain remote code execution. This occurs due to the possibility of deserialization of arbitrary .NET classes...
Nextar C472 POS DLL Hijacking
Description: A vulnerability exists in Windows that allows other applications' dynamic link libraries to execute malicious code without the user's consent, in the privilege context of the targeted application. Exploit Title: Nextar C472 POS DLL Hijacking Exploit nxmm.dll - mdmdregistration.dll...
Exploit for CVE-2021-1678
PoC exploit for CVE-2021-1678, an arbitrary code execution vulnerability in the Windows Print Spooler service. The exploit is contained within a Docker container, which can be built and run using the provided Dockerfile. The container includes a Python script, spoolsploit.py, that can be used to...
JVN#80288258: The installers of multiple Sony products may insecurely load Dynamic Link Libraries
The installers of multiple Sony products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer by following the...
CVE-2021-31840 DLL preload vulnerability in McAfee Agent for Windows
A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to have valid...
The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
Overview The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated wi...
Installer of Overwolf may insecurely load Dynamic Link Libraries
Overview Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Shogo kumamaru of LAC Co....
JVN#65733194: The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
The installers of ScanSnap Manager provided by FUJITSU LIMITED contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest...
CVE-2021-1430
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...
Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...