CVE-2017-12266

Name of the Vulnerable Software and Affected Versions Cisco Meeting App for Windows (affected versions not specified)

Description The issue is related to incomplete input validation of the path name for DLL files before they are loaded, which could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of the application. An attacker could exploit this by installing a crafted DLL file in a specific system directory, potentially executing commands on the underlying Microsoft Windows host with equivalent privileges. The attacker would need valid user credentials to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.