CVE-2017-11742

EUVD-2017-3352
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
libexpat_projectlibexpat
2.2.1
libexpat_projectlibexpat
2.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
expat
bookworm
2.5.0-1
fixed
bookworm (security)
2.5.0-1+deb12u1
fixed
bullseye
2.2.10-2+deb11u5
fixed
bullseye (security)
2.2.10-2+deb11u6
fixed
sid
2.6.3-2
fixed
trixie
2.6.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
expat
trusty
not-affected
xenial
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100147
https://github.com/libexpat/libexpat/issues/82
http://www.securityfocus.com/bid/100147
https://github.com/libexpat/libexpat/issues/82