CVE-2016-4349

EUVD-2016-5349
Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
ciscowebex_productivity_tools
2.40.5001.10012
𝑥
= Vulnerable software versions
References
https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2016/04/webex-productivity-tools/
https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2016/04/webex-productivity-tools/