CVE-2016-4802

Published: Jun 24, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.

Affected (1)

Products: Haxx: Curl

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Haxx Curl	Up to 7.49.0

Related CWEs

References (6)

http://www.securityfocus.com/bid/90997

Source: cve@mitre.org

http://www.securitytracker.com/id/1036008

Source: cve@mitre.org

https://curl.haxx.se/docs/adv_20160530.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/90997

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036008

Source: af854a3a-2127-422b-91ae-364da2661108

https://curl.haxx.se/docs/adv_20160530.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.