Untrusted Search Path

CVE-2018-0619

High

7.8/10

Summary

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-426 - Untrusted Search Path

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

References

Advisory Timeline

Published Jul 26, 2018

Untrusted Search Path

CVE-2018-0619

Summary

CWE-426 - Untrusted Search Path

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS