CVE-2017-14010

HIGH

SpiderControl MicroBrowser <1.6.30.144 - Code Injection

Title source: llm

Description

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.

References (3)

Scores

CVSS v3 7.8
EPSS 0.0035
EPSS Percentile 57.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-427
Status published

Affected Products (1)

spidercontrol/scada_microbrowser < 1.6.30.144

Timeline

Published Apr 26, 2018
Tracked Since Feb 18, 2026