CVE-2011-5158

HIGH Year: 2011
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-426
View all →

Vulnerability Description

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.

Related Vulnerabilities

CVE-2011-4125

CRITICAL
CVSS:9.8(Critical)

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

CWE-4262011

CVE-2017-12414

CRITICAL
CVSS:9.8(Critical)

Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.

CWE-4262017

CVE-2017-2225

CRITICAL
CVSS:9.8(Critical)

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CWE-4262017

CVE-2018-19486

CRITICAL
CVSS:9.8(Critical)

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, becaus...

CWE-4262018

CVE-2020-15801

CRITICAL
CVSS:9.8(Critical)

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) ...

CWE-4262020

CVE-2022-26184

CRITICAL
CVSS:9.8(Critical)

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malici...

CWE-4262022