CVE-2019-5589

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-426
View all →

Vulnerability Description

An Unsafe Search Path vulnerability in FortiClient Online Installer (Windows version before 6.0.6) may allow an unauthenticated, remote attacker with control over the directory in which FortiClientOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious .dll files in that directory.

Related Vulnerabilities

CVE-2013-2773

HIGH
CVSS:7.8(High)

Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

CWE-4262013

CVE-2013-3494

HIGH
CVSS:7.8(High)

A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.

CWE-4262013

CVE-2013-3942

HIGH
CVSS:7.8(High)

Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability

CWE-4262013

CVE-2014-3860

HIGH
CVSS:7.8(High)

Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability

CWE-4262014

CVE-2014-8358

HIGH
CVSS:7.8(High)

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the ...

CWE-4262014

CVE-2015-0974

HIGH
CVSS:7.8(High)

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplay...

CWE-4262015