An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows

An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows Summary This software update provides the following improvements for Windows: Enables administrators to configure domain-joined computers to use the auto update feature...

Windows IExpress Untrusted Search Path Vulnerability

This host has IExpress bundled with Microsoft Windows and is prone to an untrusted search path vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

Microsoft Windows Iexpress Untrustworthy Search Path Vulnerability

Microsoft Windows Iexpress is a tool for compressing CAB files bundled with Windows from Microsoft USA. An untrusted search path vulnerability exists in the self-extracting archive file created in Microsoft Windows Iexpress. The vulnerability can be exploited by an attacker with a malicious DLL i...

CVE-2018-0598

The CVE-2018-0598 issue concerns self-extracting archive files created by IExpress bundled with Microsoft Windows. Affected component is the IExpress self-extracting archive mechanism, where an untrusted search path can lead to DLL planting and privilege escalation by loading a Trojan horse DLL f...

CVE-2018-0598

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

PT-2018-8956 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue concerns an untrusted search path vulnerability in self-extracting archive files created by IExpress, which is bundled with Microsoft Windows. This vulnerability allows ...

JVN#72748502: Self-Extracting Archive files created by IExpress may insecurely load Dynamic Link Libraries

Self-extracting archive files created by IExpress provided Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" and attac...

Microsoft IExpress DLL Hijacking

Hi @ll, IExpress creates executable installers ° or self-extracting archives for Windows by embedding a .CAB archive and some strings as resources into a copy of the program %SystemRoot%\System32\WExtract.exe. These self-extracting archives/executable installers, especially those made by Microsof...

CVE-2007-3992

SQL injection vulnerability in virlogin.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely...

CVE-2007-3992

SQL injection vulnerability in virlogin.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely...

CVE-2007-3992

Summary (CVE-2007-3992): SQL injection vulnerability in the web component vir_login.asp of iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter (the related Username issue is tracked under CVE-2006-6029). Documented impact is partial confident...

Ordinary file deception-vulnerability warning-the black bar safety net

Have a very want to get the permission of the Forum, and suddenly see the administrator collection XX information, photos, and open up an FTP upload, so the thought of the bundled Trojan file to trick the administrator of the method. I used to use windows comes with IEXPRESS bundle file, bundle...

Ordinary file deception-vulnerability warning-the black bar safety net

Source: whytt's Blog Have a very want to get the permission of the Forum, and suddenly see the administrator collection XX information, photos, and open up an FTP upload, so the thought of the bundled Trojan file to trick the administrator of the method. I used to use windows comes with IEXPRESS...