CVE-2007-6753

Severity

62%

Complexity

19%

Confidentiality

165%

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

CVSS 2.0 Base Score 6.2. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft Windows

First reported 12 years ago

2012-03-28 19:55:00

Last updated 8 years ago

2016-11-28 19:06:00

Affected Software

Microsoft Windows 2000

Microsoft Windows 7

Microsoft Windows Server 2008

Microsoft Windows Vista

Microsoft Windows XP

References

http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html

41984

Vendor Advisory

329308

44484

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.