Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1680

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2014-1680
Last Modified 21 Feb 2014 12:06:45
Published 14 Feb 2014 08:10:30
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1680

Summary

Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.

Vulnerable Systems

Application

  • Bandisoft Bandizip 3.00

  • Bandisoft Bandizip 3.01

  • Bandisoft Bandizip 3.02

  • Bandisoft Bandizip 3.03

  • Bandisoft Bandizip 3.04

  • Bandisoft Bandizip 3.05

  • Bandisoft Bandizip 3.06

  • Bandisoft Bandizip 3.07

  • Bandisoft Bandizip 3.08

  • Bandisoft Bandizip 3.09


References

MISC - http://www.bandisoft.com/bandizip/history

MISC - http://packetstormsecurity.com/files/125059

XF - bandzip-dll-cve20141680-code-exec(90966)

OSVDB - 102979


Last Updated: 27 May 2016 11:04:28