CVE-2011-0403

ImgBurn <2.5.4.0 - RCE

Title source: llm

Description

Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by d3c0der · cdoswindows

https://www.exploit-db.com/exploits/35163

View Code ZIP pw:eip

References (5)

[Exploit] http://packetstormsecurity.org/files/view/97207/imgburn-dllhijack.txt

[Vendor Advisory] http://secunia.com/advisories/42798

[Exploit] http://www.securityfocus.com/bid/45657

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64478

[Third Party Advisory, VDB Entry] http://osvdb.org/70273

Scores

EPSS 0.0420

EPSS Percentile 88.8%

Details

Status published

Products (20)

imgburn/imgburn 1.0.0.0

imgburn/imgburn 1.1.0.0

imgburn/imgburn 1.2.0.0

imgburn/imgburn 1.3.0.0

imgburn/imgburn 2.0.0.0

imgburn/imgburn 2.1.0.0

imgburn/imgburn 2.2.0.0

imgburn/imgburn 2.3.0.0

imgburn/imgburn 2.3.1.0

imgburn/imgburn 2.3.2.0

... and 10 more

Published Jan 11, 2011

Tracked Since Feb 18, 2026