CWE-426

High likelihood

Untrusted Search Path

Parent: CWE-642 - External Control of Critical State Data

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

643 vulnerabilities with CWE-426
CVE-2017-10849 HIGH
Fuji Xerox DocuWorks - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2017-10848 HIGH
Fuji Xerox DocuWorks and DocuWorks Viewer Light < 8.0.7 - Untrusted Search Path
CVSS 7.8
CVE-2017-10829 HIGH
Remote Support Tool (Enkaku Support Tool) - Untrusted Search Path
CVSS 7.8
CVE-2017-11158 HIGH
Synology Cloud Station Drive < 4.2.5-4396 - Untrusted Search Path via DLL Hijacking
CVSS 7.8
CVE-2017-11157 HIGH
Synology Cloud Station Backup < 4.2.4-4393 - Untrusted Search Path via DLL Hijacking
CVSS 7.8
CVE-2017-2242 HIGH
Flets Setsuzoku Tool - Privilege Escalation
CVSS 7.8
CVE-2017-10836 HIGH
Optimal Guard <= 1.1.21 - Untrusted Search Path
CVSS 7.8
CVE-2017-10831 HIGH
The CRCA user's Software <= 1.8 - Untrusted Search Path
CVSS 7.8
CVE-2017-10830 HIGH
NTT Security Setup Tool - Untrusted Search Path
CVSS 7.8
CVE-2017-10828 HIGH
Flets Install Tool - Untrusted Search Path via Trojan Horse DLL
CVSS 7.8
CVE-2017-10827 HIGH
Flets Azukeru for Windows Auto Backup Tool <= 1.0.3.0 - Untrusted Search Path
CVSS 7.8
CVE-2017-10826 HIGH
Security Kinou Mihariban <= 1.0.21 - Untrusted Search Path
CVSS 7.8
CVE-2017-10812 HIGH
Photo Collection PC Software < 4.0.2 - Untrusted Search Path
CVSS 7.8
CVE-2017-11159 HIGH
Synology Photo Station Uploader < 1.4.2-084 - Untrusted Search Path via DLL Hijacking
CVSS 7.8
CVE-2017-11160 HIGH
Synology Assistant < 6.1-15030 - Untrusted Search Path via DLL Hijacking
CVSS 7.8
CVE-2017-2289 HIGH
Qua station connection tool <1.00.03 - Privilege Escalation
CVSS 7.8
CVE-2017-2228 HIGH
Teikihoukokusho Sakuseishien Tool <4.0 - Privilege Escalation
CVSS 7.8
CVE-2017-10824 HIGH
TDB CA TypeA use software <= 5.2 - Untrusted Search Path
CVSS 7.8
CVE-2017-10823 HIGH
Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program - Untrusted Search Path
CVSS 7.8
CVE-2017-10822 HIGH
Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program - Untrusted Search Path
CVSS 7.8
CVE-2017-10821 HIGH
Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program - Untrusted Search Path
CVSS 7.8
CVE-2017-6768 HIGH
Cisco Application Policy Infrastructure Controller Privilege Escalation via Untrusted Library Search Path
CVSS 7.8
CVE-2017-12892 HIGH
Foxit PDF Compressor 7.0.0.183-7.7.2.10 - DLL Preloading via Installer Current Working Directory
CVSS 7.8
CVE-2017-12480 HIGH
Sandboxie Installer 5071703 - Untrusted Search Path via Trojan Horse DLL in Temp Directory
CVSS 7.8
CVE-2017-2221 HIGH
Baidu IME <3.6.1.6 - Privilege Escalation
CVSS 7.8
Details
Vulnerabilities 643
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits