Search

Find a vulnerability

Search criteria

    1 vulnerability found for Visual C++ Redistributable Installer by Microsoft Corporation

    JVNDB-2018-000051

    Vulnerability from jvndb - Published: 2018-05-17 14:57 - Updated:2019-07-05 16:41
    Severity
    Summary
    The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries
    Details
    The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer (CWE-427). Microsoft states that the root cause of this vulnerability is "Application Directory (App Dir) DLL planting" and attacks exploiting this vulnerability are limited, thus there is no plan to release any security updates to address this issue. For details, refer to "Application Directory (App Dir) DLL planting" released by Microsoft.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000051.html",
      "dc:date": "2019-07-05T16:41+09:00",
      "dcterms:issued": "2018-05-17T14:57+09:00",
      "dcterms:modified": "2019-07-05T16:41+09:00",
      "description": "The installer of Visual C++ Redistributable provided Microsoft contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory as the installer (CWE-427).\r\nMicrosoft states that the root cause of this vulnerability is \"Application Directory (App Dir) DLL planting\" and attacks exploiting this vulnerability are limited, thus there is no plan to release any security updates to address this issue.\r\n\r\nFor details, refer to \"Application Directory (App Dir) DLL planting\" released by Microsoft.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000051.html",
      "sec:cpe": {
        "#text": "cpe:/a:microsoft:visual_c%2B%2B_redistributable_installer",
        "@product": "Visual C++ Redistributable Installer",
        "@vendor": "Microsoft Corporation",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000051",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN81196185/index.html",
          "@id": "JVN#81196185",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0599",
          "@id": "CVE-2018-0599",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0599",
          "@id": "CVE-2018-0599",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of Visual C++ Redistributable may insecurely load Dynamic Link Libraries"
    }