Untrusted Search Path Vulnerability in Amazon Kindle for PC by Amazon
CVE-2010-5268

Currently unrated

Key Information:

Vendor: Amazon
Status: Kindle For Pc
Vendor: CVE Published:; 7 September 2012

What is CVE-2010-5268?

The Amazon Kindle for PC application version 1.3.0 30884 is affected by an untrusted search path vulnerability that permits local users to elevate their privileges by introducing a malicious wintab32.dll file within the current working directory. This scenario can exploit the application's reliance on potentially insecure DLL search paths when handling .azw files, which could lead to unauthorized access and execution of arbitrary code.

References

http://secunia.com/advisories/42476

third-party-advisoryx_refsource_SECUNIA

http://www.coresecurity.com/content/amazon-kindle-for-pc-...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 7, 2012