- Description
- MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alt-n:mdaemon:9.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20CB70E2-1E3A-4FC1-BD26-E22EAC68D874"
},
{
"criteria": "cpe:2.3:a:alt-n:mdaemon:9.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC8AC4F7-CADE-448D-82C6-C4D19EAAADFB"
},
{
"criteria": "cpe:2.3:a:alt-n:mdaemon:9.51:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A3610BC-6E11-437F-B7DF-3FEC2812BBC3"
},
{
"criteria": "cpe:2.3:a:alt-n:mdaemon:9.53:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B578384C-73DA-4D2A-8A5D-5293391A3172"
}
],
"operator": "OR"
}
]
}
]