Untrusted Search Path Vulnerability in Symantec System Recovery and Backup Exec
CVE-2012-0305

Currently unrated

Key Information:

Vendor: Symantec
Status: Backupexec System Recovery; System Recovery
Vendor: CVE Published:; 23 July 2012

What is CVE-2012-0305?

An untrusted search path vulnerability exists in Symantec System Recovery 2011 prior to SP2 and Backup Exec System Recovery 2010 prior to SP5. This vulnerability allows local users to exploit the affected software by placing a malicious DLL in the current working directory, which can subsequently be executed with elevated privileges. This issue poses significant security risks as it enables unauthorized access to system resources and capabilities.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/54594

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2012
Vulnerability Reserved
Jan 4, 2012