6.2

CVE-2007-6753

EPSS 1.39%
Published 28.03.2012 19:55:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000

Microsoft ≫ Windows 7

Microsoft ≫ Windows Server 2008 Version-

Microsoft ≫ Windows Vista

Microsoft ≫ Windows Xp

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.39%	0.797

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html

http://secunia.com/advisories/41984

Vendor Advisory

http://support.microsoft.com/kb/329308

http://www.securityfocus.com/bid/44484

https://nvd.nist.gov/vuln/detail/CVE-2007-6753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6753

EUVD