7.8
CVE-2018-16190
- EPSS 0.28%
- Veröffentlicht 13.02.2019 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:15
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginUntrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Micco ≫ Lmlzh32.Dll Version <= 2.67.1.2
Micco ≫ Unarj32.Dll Version <= 1.10.1.25
Micco ≫ Unlha32.Dll Version <= 2.67.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.512 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.