CVE-2018-6461
HIGH
March Hare WINCVS < 2.8.01 - Untrusted Search Path via Python or TCL DLL Loading
Title source: llm
Description
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.
References (4)
Core References
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/CVS-SUITE-2009R2-INSECURE-LIBRARY-LOADING-CVE-2018-6461.txt
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/146267/WINCVS-2009R2-DLL-Hijacking.html
Vendor Advisory x_refsource_confirm
http://march-hare.com/cvspro/vulnwincvs.htm
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Feb/24
Scores
CVSS v3
7.8
EPSS
0.0181
EPSS Percentile
75.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (1)
march-hare/wincvs
1.0 - 2.8.01
Published
Feb 05, 2018
Tracked Since
Feb 18, 2026