Untrusted Search Path Vulnerability in Visual C++ Redistributable by Microsoft
CVE-2018-0599

7.8HIGH

Key Information:

Vendor: Microsoft
Status: The Installer Of Visual C++ Redistributable
Vendor: CVE Published:; 26 June 2018

What is CVE-2018-0599?

A vulnerability exists in the installer of the Visual C++ Redistributable that allows an attacker to exploit the untrusted search path. This can lead to privilege escalation if a malicious DLL is placed in a directory that the installer searches. When executed, the attacker gains elevated privileges, leading to potential system compromise. Organizations should ensure they are using the latest versions of the Visual C++ Redistributable and follow best practices for software installations to mitigate this risk.

Affected Version(s)

The installer of Visual C++ Redistributable = unspecified

References

https://blogs.technet.microsoft.com/srd/2018/04/04/triagi...

x_refsource_MISC

http://jvn.jp/en/jp/JVN81196185/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2018
Vulnerability Reserved
Nov 27, 2017