Untrusted Search Path Vulnerability in Google Picasa
CVE-2011-0458

Currently unrated

Key Information:

Vendor: Google
Status: Picasa
Vendor: CVE Published:; 28 March 2011

What is CVE-2011-0458?

The vulnerability in Google Picasa arises from an untrusted search path in the Locate on Disk feature. When operating within this application, local users can elevate their privileges by executing a Trojan horse executable that exists in the current working directory. This flaw enables potential attackers to manipulate executable files to gain unauthorized access to system-level privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66295

vdb-entryx_refsource_XF

http://secunia.com/advisories/43853

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/47031

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2011
Vulnerability Reserved
Jan 14, 2011