CVE-2017-5236

EUVD-2017-14341
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
rapid7appspider_pro
𝑥
≤ 6.14.059
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.rapid7.com/docs/DOC-3631
https://community.rapid7.com/docs/DOC-3631