Untrusted Search Path Vulnerability in Microsoft Windows Products
CVE-2007-6753

Currently unrated

Key Information:

Vendor

Microsoft

CVE Published:
28 March 2012

What is CVE-2007-6753?

An untrusted search path vulnerability exists in the Shell32.dll component of Microsoft Windows operating systems. It arises when specific environment variables, such as %APPDATA% or %PROGRAMFILES%, are configured improperly, which allows local users to exploit the current working directory and have a Trojan horse DLL executed. Applications such as iTunes and Safari have been demonstrated to be affected, and the issue raises concerns about potential privilege escalation for local users.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
