Design/Logic Flaw

Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST...

Design/Logic Flaw

Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrat...

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft Windows Movie Maker WMM 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker MSWMM file, aka "Insecure Library Loading Vulnerability."...

CVE-2010-3965

Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrat...

CVE-2010-3967

CVE-2010-3967 describes an Untrusted Search Path/Insecure Library Loading vulnerability in Microsoft Windows Movie Maker 2.6. A Trojan DLL placed in the current working directory (e.g., a directory containing an MSWMM file) can be loaded by WMM, allowing local users to gain privileges. The issue ...

CVE-2010-3965

The CVE-2010-3965 issue is an Insecure Library Loading (untrusted search path) vulnerability in Windows Media Encoder 9. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 Gold/SP2. The root cause is that Windows Media Encoder loa...

Adobe Photoshop CS5 < 12.0.2 (APSB10-30)

The installed version of Adobe Photoshop is older than 12.0.2, and hence affected by the following issues : - Insecure library loading, which could result in arbitrary code execution. CVE-2010-3127 - Multiple unspecified vulnerabilities. C Tenable Network Security, Inc. include"compat.inc"; if...

MS10-097: Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)

The remote Windows host contains a version of the Internet Connection Signup Wizard that incorrectly restricts the path used for loading external libraries. If an attacker can trick a user on the affected system into opening a specially crafted .ins or .isp file located in the same network...

Microsoft Windows Media Encoder Insecure Library Loading (MS10-094; CVE-2010-3965)

Microsoft Windows Media Encoder is a production tool for converting both live and prerecorded audio and video to Windows Media Format. A remote code execution vulnerability has been reported in the way that Microsoft Office handles the loading of DLL files. The vulnerability is caused when the...

CVE-2010-4296

vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via...

PT-2010-5404 · Vmware · Vmware Server +3

Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 7.0 through 7.1.2 build 301547 VMware Player versions 3.1.x through 3.1.1 build 301547 VMware Server version 2.0.2 VMware Fusion versions 3.1.x through 3.1.1 build 332100 Description: The issue is related to the...

AOL Instant Messenger Insecure Library Loading Vulnerability

A vulnerability has been discovered in AOL Instant Messenger, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. Libraries list called is as follows: • dwmapi.dll This can be exploit...

Native Instruments Reaktor 5 Player 5.5.1 Insecure Library Loading

/ Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 5.5.1 R10584 or 5.5.1.10584 Standalone Summary: REAKTOR 5 PLAYER is your free entry point to the award-winning...

Native Instruments Guitar Rig 4 Player 4.1.1 Insecure Library Loading

/ Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 4.1.1.1845 Standalone Summary: GUITAR RIG 4 PLAYER is the free, modular and expandable effects processor fro...

Native Instruments Service Center 2.2.5 Insecure Library Loading

/ Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 2.2.5 R596 Summary: The NI Service Center is a service used for Product Activation. Desc: The Service Center suffe...

Native Instruments Kontakt 4 Player 4.1.3 Insecure Library Loading

/ Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability Vendor: Native Instruments GmbH Product web page: http://www.native-instruments.com Affected version: 4.1.3.4125 Standalone Summary: KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT...

Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability

Summary REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Description Reaktor 5 Player suffers from a DLL hijacking vulnerability, which could be exploited by remot...

Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability

Summary GUITAR RIG 4 PLAYER is the free, modular and expandable effects processor from Native Instruments, combining creative effects routing possibilities with ease-of-use and pristine sound quality. The included FACTORY SELECTION library provides one stunning Amp emulation with Matched Cabinet,...

Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability

Summary The NI Service Center is a service used for Product Activation. Description The Service Center suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain...

Mozilla unsafe library loading flaw

A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan hor...