ID CVE-2012-3004
Summary Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:realflex:realwin:1.06:*:*:*:*:*:*:*
    cpe:2.3:a:realflex:realwin:1.06:*:*:*:*:*:*:*
  • cpe:2.3:a:realflex:realwin:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:realflex:realwin:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:realflex:realwin:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:realflex:realwin:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realflex:realwin:2.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:realflex:realwin:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:realflex:flexview:3.1.85:*:*:*:*:*:*:*
    cpe:2.3:a:realflex:flexview:3.1.85:*:*:*:*:*:*:*
  • cpe:2.3:a:realflex:realwindemo:2.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:realflex:realwindemo:2.1.12:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 10-09-2012 - 04:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
misc http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf
Last major update 10-09-2012 - 04:00
Published 08-09-2012 - 10:28
Last modified 10-09-2012 - 04:00
Back to Top