CVE-2018-16190
HIGHLHMelting < 1.65.3.6 and UNARJ32.DLL < 1.10.1.25 - Untrusted Search Path
Title source: llmDescription
Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN52168232/index.html
Patch, Vendor Advisory x_refsource_misc
http://micco.mars.jp/vul/2017/mhsvi20170515_04.htm
Patch, Vendor Advisory x_refsource_misc
https://micco.mars.jp/vul/2017/mhsvi20170515_03.htm
Patch, Vendor Advisory x_refsource_misc
http://micco.mars.jp/vul/2017/mhsvi20170515_05.htm
Patch, Vendor Advisory x_refsource_misc
http://micco.mars.jp/vul/2017/mhsvi20170515_02.htm
Scores
CVSS v3
7.8
EPSS
0.0093
EPSS Percentile
56.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (4)
micco/lhmelting
< 1.65.3.6
micco/lmlzh32.dll
< 2.67.1.2
micco/unarj32.dll
< 1.10.1.25
micco/unlha32.dll
< 2.67.1.2
Published
Feb 13, 2019
Tracked Since
Feb 18, 2026