CVE-2007-6753

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows Server 2008; Windows Vista; Windows 7
Vendor: CVE Published:; 28 March 2012

Summary

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

References

http://www.securityfocus.com/bid/44484

vdb-entryx_refsource_BID

http://support.microsoft.com/kb/329308

vendor-advisoryx_refsource_MSKB

http://blog.acrossecurity.com/2010/10/breaking-setdlldire...

x_refsource_MISC

Timeline

Vulnerability published
Mar 28, 2012
Vulnerability Reserved
Mar 28, 2012

Collectors

NVD DatabaseMitre Database