CVE-2019-1855

Name of the Vulnerable Software and Affected Versions Cisco Jabber for Windows (affected versions not specified)

Description A vulnerability in the loading mechanism of specific dynamic link libraries could allow an authenticated, local attacker to perform a DLL preloading attack. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.