6.2

CVE-2007-6753

EPSS 1.39%
Veröffentlicht 28.03.2012 19:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000

Microsoft ≫ Windows 7

Microsoft ≫ Windows Server 2008 Version-

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Xp

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.39%	0.797

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html

http://secunia.com/advisories/41984

Vendor Advisory

http://support.microsoft.com/kb/329308

http://www.securityfocus.com/bid/44484

https://nvd.nist.gov/vuln/detail/CVE-2007-6753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6753

EUVD