Описание
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
Комментарий
Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Одно из
EPSS
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
EPSS
9.3 Critical
CVSS2