Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Imgburn | Imgburn | 1.0.0.0 (including) | 1.0.0.0 (including) |
| Imgburn | Imgburn | 1.1.0.0 (including) | 1.1.0.0 (including) |
| Imgburn | Imgburn | 1.2.0.0 (including) | 1.2.0.0 (including) |
| Imgburn | Imgburn | 1.3.0.0 (including) | 1.3.0.0 (including) |
| Imgburn | Imgburn | 2.0.0.0 (including) | 2.0.0.0 (including) |
| Imgburn | Imgburn | 2.1.0.0 (including) | 2.1.0.0 (including) |
| Imgburn | Imgburn | 2.2.0.0 (including) | 2.2.0.0 (including) |
| Imgburn | Imgburn | 2.3.0.0 (including) | 2.3.0.0 (including) |
| Imgburn | Imgburn | 2.3.1.0 (including) | 2.3.1.0 (including) |
| Imgburn | Imgburn | 2.3.2.0 (including) | 2.3.2.0 (including) |
| Imgburn | Imgburn | 2.4.0.0 (including) | 2.4.0.0 (including) |
| Imgburn | Imgburn | 2.4.1.0 (including) | 2.4.1.0 (including) |
| Imgburn | Imgburn | 2.4.2.0 (including) | 2.4.2.0 (including) |
| Imgburn | Imgburn | 2.4.3.0 (including) | 2.4.3.0 (including) |
| Imgburn | Imgburn | 2.4.4.0 (including) | 2.4.4.0 (including) |
| Imgburn | Imgburn | 2.5.0.0 (including) | 2.5.0.0 (including) |
| Imgburn | Imgburn | 2.5.1.0 (including) | 2.5.1.0 (including) |
| Imgburn | Imgburn | 2.5.2.0 (including) | 2.5.2.0 (including) |
| Imgburn | Imgburn | 2.5.3.0 (including) | 2.5.3.0 (including) |
| Imgburn | Imgburn | 2.5.4.0 (including) | 2.5.4.0 (including) |