Untrusted Search Path Vulnerability in Google Picasa
CVE-2011-0458

Currently unrated

Key Information:

Vendor: Google
Status: Picasa
Vendor: CVE Published:; 28 March 2011

Summary

The vulnerability in Google Picasa arises from an untrusted search path in the Locate on Disk feature. When operating within this application, local users can elevate their privileges by executing a Trojan horse executable that exists in the current working directory. This flaw enables potential attackers to manipulate executable files to gain unauthorized access to system-level privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66295

vdb-entryx_refsource_XF

http://secunia.com/advisories/43853

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/47031

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 28, 2011
Vulnerability Reserved
Jan 14, 2011