Описание
Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.
Ссылки
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 8.0.0 (исключая)
cpe:2.3:a:auvesy:versiondog:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00128
Низкий
9.1 Critical
CVSS3
7.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-427
Связанные уязвимости
github
больше 3 лет назад
Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.
EPSS
Процентиль: 33%
0.00128
Низкий
9.1 Critical
CVSS3
7.1 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-427