Untrusted Search Path Vulnerability in Baidunetdisk by Baidu
CVE-2021-36631

6.7MEDIUM

Key Information:

Vendor: Baidu
Status: Baidunetdisk
Vendor: CVE Published:; 22 December 2022

What is CVE-2021-36631?

Baidunetdisk versions 7.4.3 and earlier are susceptible to an untrusted search path vulnerability. This flaw enables an attacker to exploit the application's ability to load Dynamic Link Library (DLL) files from a directory that may be controlled by the attacker. By placing a malicious DLL in an unspecified directory, an attacker can execute their code with the privileges of the user running the application, potentially leading to system compromise.

References

https://github.com/shigophilo/CVE/blob/main/Baidunetdisk%...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 22, 2022
Vulnerability Reserved
Jul 12, 2021