HIGH🇬🇧 English

CVE-2011-5158

CVSS 9.3v2.0pub. 2012-09-07upd. 2026-04-29

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Datev Grundpaket Basis

    APP
    Datev
    cd23.20
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2010-0689HIGH10.0ten sam vendor

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base Syst...

CVE-2023-33387MEDIUM6.1ten sam vendor

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Pl...

CVE-2003-1169MEDIUM4.6ten sam vendor

DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows lo...