CVE-2017-14010
HIGHSpiderControl MicroBrowser <1.6.30.144 - Code Injection
Title source: llmDescription
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
References (3)
Core 3
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01
Patch x_refsource_misc
http://spidercontrol.net/download/downloadarea/?lang=en
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101505
Scores
CVSS v3
7.8
EPSS
0.0204
EPSS Percentile
78.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
spidercontrol/scada_microbrowser
< 1.6.30.144
Published
Apr 26, 2018
Tracked Since
Feb 18, 2026