Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.
References
Link | Resource |
---|---|
http://sotiriu.de/adv/NSOADV-2010-010.txt | Exploit Third Party Advisory |
http://secunia.com/advisories/42940 | Third Party Advisory |
Configurations
Information
Published : 2012-09-07 03:32
Updated : 2018-05-23 09:46
NVD link : CVE-2011-5158
Mitre link : CVE-2011-5158
JSON object : View
CWE
CWE-426
Untrusted Search Path
Products Affected
datev
- grundpaket_basis