CVE-2017-12312

Name of the Vulnerable Software and Affected Versions Cisco Immunet (affected versions not specified)

Description The issue is related to an untrusted search path, also known as DLL Preloading, in the Cisco Immunet antimalware installer. This could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The problem arises from incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this by creating a malicious DLL file and installing it in a specific system directory, potentially executing commands on the underlying Microsoft Windows host with SYSTEM account privileges. The attacker would need valid user credentials to exploit this.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.