CVE-2017-14010

In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path.  If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
spidercontrolscada_microbrowser
𝑥
≤ 1.6.30.144
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://spidercontrol.net/download/downloadarea/?lang=en
http://www.securityfocus.com/bid/101505
https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01
http://spidercontrol.net/download/downloadarea/?lang=en
http://www.securityfocus.com/bid/101505
https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01