Untrusted Search Path Vulnerability in Bandisoft Bandizip
CVE-2014-1680

Currently unrated

Key Information:

Vendor: Bandisoft
Status: Bandizip
Vendor: CVE Published:; 14 February 2014

What is CVE-2014-1680?

The vulnerability in Bandisoft Bandizip, present in versions prior to 3.10, allows local users to exploit an untrusted search path. By placing a malicious dwmapi.dll file in the current working directory, an attacker can potentially execute unauthorized code and gain elevated privileges on the system. This vulnerability highlights the importance of secure coding practices and proper management of dynamic link libraries to safeguard user systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90966

vdb-entryx_refsource_XF

http://osvdb.org/102979

vdb-entryx_refsource_OSVDB

http://www.bandisoft.com/bandizip/history

x_refsource_MISC

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Jan 26, 2014