CVE-2017-14010

Опубликовано: 26 апр. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

Ссылки

http://spidercontrol.net/download/downloadarea/?lang=en
Patch
http://www.securityfocus.com/bid/101505
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01
Patch
Third Party Advisory
US Government Resource
http://spidercontrol.net/download/downloadarea/?lang=en
Patch
http://www.securityfocus.com/bid/101505
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:spidercontrol:scada_microbrowser:*:*:*:*:*:*:*:*

Версия до 1.6.30.144 (включая)

Одно из

cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00353

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-xff5-4p93-933w