CVE-2011-5158
DATEV Grundpaket Basis CD23.20 - Untrusted Search Path via Trojan Horse DLL in Current Working Directory
Title source: llmDescription
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
http://sotiriu.de/adv/NSOADV-2010-010.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42940
Scores
EPSS
0.0200
EPSS Percentile
78.2%
Details
CWE
CWE-426
Status
published
Products (1)
datev/grundpaket_basis
cd23.20
Published
Sep 07, 2012
Tracked Since
Feb 18, 2026