CVE-2018-5457
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.
Se ha descubierto un problema de elemento de ruta de búsqueda no controlado en Vyaire Medical CareFusion Upgrade Utility, empleado en sistemas Windows XP, en versiones 2.0.2.2 y anteriores. Una explotación con éxito de esta vulnerabilidad requiere que el usuario local instale un DLL malicioso en la máquina objetivo. La aplicación carga el DLL y proporciona al atacante acceso al mismo nivel de privilegios que la aplicación.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-12 CVE Reserved
- 2018-02-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102983 | Third Party Advisory | |
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vyaire Search vendor "Vyaire" | Carefusion Upgrade Utility Search vendor "Vyaire" for product "Carefusion Upgrade Utility" | <= 2.0.2.2 Search vendor "Vyaire" for product "Carefusion Upgrade Utility" and version " <= 2.0.2.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | - |
Safe
|