CVE-2015-0096

HIGH Year: 2015
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-426
View all →

Vulnerability Description

Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."

Related Vulnerabilities

CVE-2011-4125

CRITICAL
CVSS:9.8(Critical)

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

CWE-4262011

CVE-2017-12414

CRITICAL
CVSS:9.8(Critical)

Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.

CWE-4262017

CVE-2017-2225

CRITICAL
CVSS:9.8(Critical)

Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CWE-4262017

CVE-2018-19486

CRITICAL
CVSS:9.8(Critical)

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, becaus...

CWE-4262018

CVE-2020-15801

CRITICAL
CVSS:9.8(Critical)

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) ...

CWE-4262020

CVE-2022-26184

CRITICAL
CVSS:9.8(Critical)

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malici...

CWE-4262022