CVE-2014-1680

Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
bandisoftbandizip
𝑥
≤ 3.09
bandisoftbandizip
3.00
bandisoftbandizip
3.01
bandisoftbandizip
3.02
bandisoftbandizip
3.03
bandisoftbandizip
3.04
bandisoftbandizip
3.05
bandisoftbandizip
3.06
bandisoftbandizip
3.07
bandisoftbandizip
3.08
𝑥
= Vulnerable software versions
References
http://osvdb.org/102979
http://packetstormsecurity.com/files/125059
http://www.bandisoft.com/bandizip/history
https://exchange.xforce.ibmcloud.com/vulnerabilities/90966
http://osvdb.org/102979
http://packetstormsecurity.com/files/125059
http://www.bandisoft.com/bandizip/history
https://exchange.xforce.ibmcloud.com/vulnerabilities/90966