CVE-2007-6753

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-03-2012 09:55

Last modified: - 14-11-2022 06:02

Total changes: - 2

Description

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:H/Au:N/C:C/I:C/A:C

High

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

6.2

Base score

1.9

10.0

Exploitability score

Impact score

Verification logic

Reference

http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html
329308-
41984-Vendor Advisory
44484-

Keywords

CVE-2007-6753

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-6753

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures