Untrusted Search Path

CVE-2022-28128

Medium

4.4/10

Summary

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

Access Complexity: MEDIUM
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-426 - Untrusted Search Path

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

References

Advisory Timeline

Published Mar 31, 2022

Untrusted Search Path

CVE-2022-28128

Summary

CWE-426 - Untrusted Search Path

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS