CWE-426
High likelihood
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
643 vulnerabilities with CWE-426
CVE-2013-3494
HIGH
UMPlayer 0.98 - Untrusted Search Path Code Execution via wintab32.dll
CVSS 7.8
CVE-2013-3942
HIGH
Potplayer < 1.5.39659 - Untrusted Search Path DLL Loading
CVSS 7.8
CVE-2013-2773
HIGH
Nitro PDF <8.5.0.26 - Remote Code Execution
CVSS 7.8
CVE-2012-1854
HIGH
KEV
Microsoft Office <2010 - Privilege Escalation
CVSS 7.8
CVE-2012-2040
Adobe Flash Player < 11.2.202.235 and AIR < 3.2.0.2070 - Untrusted Search Path
CVE-2011-4125
CRITICAL
calibre - Untrusted Search Path in linux_mount_helper.c
CVSS 9.8
CVE-2011-5158
DATEV Grundpaket Basis CD23.20 - Untrusted Search Path via Trojan Horse DLL in Current Working Directory
CVE-2011-2019
Microsoft Internet Explorer <9 - Privilege Escalation
CVE-2011-3640
Google Chrome < 17.0 - Untrusted Search Path via Trojan Horse pkcs11.txt File
CVE-2011-3691
Foxit Reader <5.0.2.0718 - Privilege Escalation
CVE-2010-5250
Pthreads-win32 2.8.0 - Privilege Escalation
CVE-2010-4833
GTK+ <2.24.0 - Privilege Escalation
CVE-2010-4831
GTK+ <2.21.8 - Privilege Escalation
CVE-2010-3159
Explzh <5.67 - Privilege Escalation
CVE-2010-3190
HIGH
Microsoft Visual Studio <2010 - Privilege Escalation
CVSS 7.8
CVE-2009-0314
gedit Python Module - Untrusted Search Path Local Code Execution
CVE-2008-5983
Python < 2.6.6 - Untrusted Search Path via PySys_SetArgv API Function
CVE-2008-3357
Ingres <9.1.0 - Privilege Escalation
Details
Vulnerabilities: 643
Exploit Likelihood: High