CVE-2014-1680

Published Feb 14, 2014

Last updated 7 years ago

CVSS info 6.9

Overview

Description: Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28896B75-B165-4DD1-B946-8E462AA97BC5",
            "versionEndIncluding": "3.09"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77185E8A-B800-4F9B-8B4E-4650DD4251BE"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E6E1C80-F4DB-49CC-9A45-F02AE2F979B4"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "145FB6C3-E726-41CC-9744-B0603358A400"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4631CA23-FB06-431F-975C-4BFE0C01EE2A"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1A9824E-DCBA-4E77-8D8C-A337777229BC"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C92EE0DB-6DD7-4F1E-95FD-EF876134C7FD"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9830DC40-5C7E-4FFF-B899-2FD6AAFC2C1D"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EA06E91-ADFC-4B96-B6DF-C208F1081292"
          },
          {
            "criteria": "cpe:2.3:a:bandisoft:bandizip:3.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2C2774B-23A3-41ED-88E1-E8AE9A319520"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References