CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

639 vulnerabilities with CWE-426
CVE-2018-0648 HIGH
ChatWork Desktop App < 2.3.0 - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-0624 HIGH
Yayoi 17 Series - Untrusted Search Path via ykkapi.dll Loading
CVSS 7.8
CVE-2018-0623 HIGH
Yayoi 17 Series - Untrusted Search Path via msjet49.dll Loading
CVSS 7.8
CVE-2018-10904 HIGH
glusterfs 3.12.0-3.12.13 - Remote Code Execution via Untrusted Search Path in io-stats Translator
CVSS 8.8
CVE-2018-0656 HIGH
Sony Digital Paper App < 1.4.0.16050 - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-5003 HIGH
Adobe Creative Cloud < 4.5.5.342 - DLL Hijacking Privilege Escalation
CVSS 7.8
CVE-2018-0621 HIGH
LOGICOOL CONNECTION UTILITY SOFTWARE < 2.30.9 - Untrusted Search Path
CVSS 7.8
CVE-2018-0620 HIGH
LOGICOOL Game Software < 8.87.116 - Untrusted Search Path
CVSS 7.8
CVE-2018-0619 HIGH
Glarysoft Glary Utilities < 5.99 - Untrusted Search Path
CVSS 7.8
CVE-2018-10875 HIGH
Ansible < 2.4.6.0 - Untrusted Search Path via ansible.cfg
CVSS 7.8
CVE-2018-1487 HIGH
IBM DB2 <11.1 - Privilege Escalation
CVSS 8.4
CVE-2018-1458 HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - DLL Hijacking via Untrusted Search Path
CVSS 7.4
CVE-2018-13133 HIGH
Golden Frog VyprVPN < 2018-06-21 - Untrusted Search Path
CVSS 7.8
CVE-2018-13102 HIGH
AnyDesk < 4.1.3 - DLL Preloading
CVSS 7.8
CVE-2018-10874 HIGH
Ansible < 2.4.6.0 - Unauthenticated Remote Code Execution via Inventory Variable Injection
CVSS 7.8
CVE-2018-12589 HIGH
Polaris Office 2017 8.1 - Remote Code Execution via Trojan Horse DLL in Current Working Directory
CVSS 7.8
CVE-2018-0609 HIGH
LINE for Windows < 5.8.0 - Untrusted Search Path
CVSS 7.8
CVE-2018-0601 HIGH
axpdfium v0.01 - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-0600 HIGH
PlayMemories Home < 5.5.01 - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-0599 HIGH
Windows - Untrusted Search Path Vulnerability in Visual C++ Redistributable Installer
CVSS 7.8
CVE-2018-0598 HIGH
Windows - Untrusted Search Path Vulnerability via IExpress Self-Extracting Archive
CVSS 7.8
CVE-2018-0597 HIGH
Visual Studio Code - Untrusted Search Path Vulnerability via Trojan Horse DLL
CVSS 7.8
CVE-2018-0596 HIGH
Visual Studio Community - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2018-0595 HIGH
Skype for Windows - Untrusted Search Path DLL Planting
CVSS 7.8
CVE-2018-0594 HIGH
Skype for Windows - Untrusted Search Path Vulnerability via Trojan Horse DLL
CVSS 7.8
Details
Vulnerabilities 639
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits