Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bandizip | Bandisoft | * | 3.09 (including) |
| Bandizip | Bandisoft | 3.00 (including) | 3.00 (including) |
| Bandizip | Bandisoft | 3.01 (including) | 3.01 (including) |
| Bandizip | Bandisoft | 3.02 (including) | 3.02 (including) |
| Bandizip | Bandisoft | 3.03 (including) | 3.03 (including) |
| Bandizip | Bandisoft | 3.04 (including) | 3.04 (including) |
| Bandizip | Bandisoft | 3.05 (including) | 3.05 (including) |
| Bandizip | Bandisoft | 3.06 (including) | 3.06 (including) |
| Bandizip | Bandisoft | 3.07 (including) | 3.07 (including) |
| Bandizip | Bandisoft | 3.08 (including) | 3.08 (including) |
References
- http://osvdb.org/102979
- http://packetstormsecurity.com/files/125059
- http://www.bandisoft.com/bandizip/history
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90966
- http://osvdb.org/102979
- http://packetstormsecurity.com/files/125059
- http://www.bandisoft.com/bandizip/history
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90966