DLL Preloading Vulnerability in Rapid7 AppSpider Pro Installers
CVE-2017-5236

7.8HIGH

Key Information:

Vendor: Rapid7
Status: Appspider Pro
Vendor: CVE Published:; 3 May 2017

What is CVE-2017-5236?

Installers of Rapid7 AppSpider Pro prior to version 6.14.060 are susceptible to a DLL preloading vulnerability. This issue allows an attacker to introduce a malicious DLL into the current working directory of the installer, which can compromise the integrity and security of the application during the installation process. Proper security measures and updated versions should be utilized to mitigate this vulnerability.

Affected Version(s)

AppSpider Pro All version prior to 6.14.060

References

https://community.rapid7.com/docs/DOC-3631

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2017
Vulnerability Reserved
Jan 9, 2017