Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2018-03-13 | 9.3 HIGH | 7.8 HIGH |
| March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | |||||
| CVE-2017-1711 | 1 Ibm | 2 Client Application Access, Notes | 2018-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532. | |||||
| CVE-2018-0517 | 1 Kddi | 1 Anshin Net Security | 2018-03-10 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2252 | 1 Sourcenext | 1 File Compact | 2018-02-16 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-6318 | 1 Sophos | 1 Sophos Tester | 2018-02-15 | 9.3 HIGH | 7.8 HIGH |
| In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack. | |||||
| CVE-2018-0507 | 1 Ntt-east | 2 Flet\'s Virus Clear Easy Setup \& Application Tool, Flet\'s Virus Clear V6 Easy Setup \& Application Tool | 2018-02-13 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2018-6475 | 1 Superantispyware | 1 Superantispyware | 2018-02-13 | 9.3 HIGH | 7.8 HIGH |
| In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | |||||
| CVE-2017-5696 | 1 Intel | 1 Graphics Driver | 2018-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access. | |||||
| CVE-2017-7327 | 1 Yandex | 1 Yandex Browser | 2018-02-01 | 6.8 MEDIUM | 7.8 HIGH |
| Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | |||||
| CVE-2017-17010 | 1 Sony | 1 Content Manager Assistant | 2018-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-10909 | 1 Sony | 1 Music Center | 2018-01-09 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-11397 | 1 Trendmicro | 1 Encryption For Email | 2017-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | |||||
| CVE-2017-16690 | 1 Sap | 1 Plant Connectivity | 2017-12-29 | 6.8 MEDIUM | 7.8 HIGH |
| A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. | |||||
| CVE-2014-8358 | 1 Huawei | 6 Ec156, Ec156 Firmware, Ec176 and 3 more | 2017-12-29 | 9.3 HIGH | 7.8 HIGH |
| Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. | |||||
| CVE-2017-13070 | 1 Qnap | 1 Qsync | 2017-12-26 | 9.3 HIGH | 7.8 HIGH |
| A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | |||||
| CVE-2017-17069 | 2 Amazon, Microsoft | 2 Audible, Windows | 2017-12-20 | 9.3 HIGH | 7.8 HIGH |
| ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. | |||||
| CVE-2017-10893 | 1 J-lis | 1 The Public Certification Service For Individuals | 2017-12-20 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-10892 | 1 Sony | 1 Music Center | 2017-12-14 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-10891 | 1 Sony | 1 Media Go | 2017-12-14 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-8137 | 1 Huawei | 1 Hedex Lite | 2017-12-07 | 9.3 HIGH | 7.8 HIGH |
| HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking. | |||||