← Back

CVE-2018-16190

nvd nist
Published: Feb 13, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected (4)

Micco
4 products
Lhmelting
Lmlzh32.dll
Unarj32.dll
Unlha32.dll
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Lhmelting
Up to 1.65.3.6
Lmlzh32.dll
Up to 2.67.1.2
Unarj32.dll
Up to 1.10.1.25
Unlha32.dll
Up to 2.67.1.2
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-426
Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (10)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.