Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
oryginał ENCVSS Vector
AV:L/AC:M/Au:N/C:C/I:C/A:CBandisoft Bandizip
APPBandisoft3.003.013.023.033.043.053.063.073.08≤ 3.09
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2021-26623HIGH7.8ten sam produkt
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's para...
CVE-2025-33027MEDIUM6.1ten sam produkt
In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows...
CVE-2023-4863HIGH8.8⚠ KEVten sam vendor
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote at...
CVE-2021-26635HIGH7.8ten sam vendor
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from ...
CVE-2021-26615HIGH7.8ten sam vendor
ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNa...