CVE-2018-0598

High

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker…

jpcert·CWE-426·Published 2018-06-26

CVSS

7.8

EPSS

0.09

KEV

Exploits

cve.orgen

209 chars

Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

NVDen

209 chars

NVDes

241 chars

Una vulnerabilidad de tipo ruta de búsqueda no confiable en un documento autoextraíble generado por IExpress en Microsoft Windows permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.3	8.6	10.0	AV:N/AC:M/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H