CVE-2007-6753
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
Ruta de búsqueda no confiable en Shell32.dll en Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, cuando se usa un entorno configurado con una cadena como %APPDATA% o %PROGRAMFILES% en cierto modo permite a usuarios locales conseguir privilegios a través de un caballo de Troya DLL en el directorio de trabajo actual, como se demuestra con iTunes y Safari.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-03-28 CVE Reserved
- 2012-03-28 CVE Published
- 2024-08-04 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html | X_refsource_misc | |
http://www.securityfocus.com/bid/44484 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/41984 | 2016-11-28 | |
http://support.microsoft.com/kb/329308 | 2016-11-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | * | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | * | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | - |
Affected
|