PT-2012-2136 · Datev · Datev Grundpaket Basis Cd

Nikolas Sotiriu · Published 2012-09-07 · Updated 2018-05-23 · CVE-2011-5158

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

DATEV Grundpaket Basis CD version 23.20

Description

The issue concerns untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components. These vulnerabilities allow local users to gain privileges via a Trojan horse file, specifically DVBSKNLANG101.dll or DvZediTermSrvInfo004.dll, placed in the current working directory. This can be exploited when the directory contains specific file types, including .dmt, .adl, .c02, .dof, or .jrf files.

Recommendations

For DATEV Grundpaket Basis CD version 23.20, consider removing or restricting access to the vulnerable DMTGUI2.EXE and DvInesLogFileViewer.Exe components until a patch is available. As a temporary workaround, avoid using directories that contain .dmt, .adl, .c02, .dof, or .jrf files with these components. Additionally, restrict the execution of DVBSKNLANG101.dll and DvZediTermSrvInfo004.dll files in the current working directory to minimize the risk of exploitation.
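To support the workaround above, the following added example (not part of the original advisory or of any DATEV tooling) walks a directory tree and reports folders where one of the two DLL names sits outside a trusted location, rating a hit higher when a listed document type is in the same folder. The function name `scan_tree`, the `trusted_dirs` parameter and the severity labels are assumptions made for this sketch; the install path must be supplied by the operator.

```python
import os
import sys
import tempfile

# File names and extensions as listed in the advisory; matched
# case-insensitively, as Windows file systems do.
DLL_NAMES = {"dvbsknlang101.dll", "dvzeditermsrvinfo004.dll"}
DOC_EXTENSIONS = {".dmt", ".adl", ".c02", ".dof", ".jrf"}


def scan_tree(root, trusted_dirs=()):
    """Walk root and report every directory that holds one of the DLL names.

    trusted_dirs: directories where a legitimate copy is expected (assumption:
    the caller supplies the product's real install path; none is hard-coded).
    Returns a list of dicts sorted by directory path.
    """
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    findings = []
    for dirpath, _subdirs, filenames in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in trusted:
            continue
        dlls = sorted(f for f in filenames if f.lower() in DLL_NAMES)
        if not dlls:
            continue
        docs = sorted(f for f in filenames
                      if os.path.splitext(f)[1].lower() in DOC_EXTENSIONS)
        findings.append({
            "directory": dirpath,
            "dlls": dlls,
            "documents": docs,
            # A DLL beside a listed document type matches the advisory's
            # scenario; a DLL on its own still warrants review.
            "severity": "high" if docs else "review",
        })
    return sorted(findings, key=lambda f: f["directory"])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root, trusted = sys.argv[1], sys.argv[2:]
    else:
        # Constructed sample tree (empty placeholder files) for a dry run.
        root, trusted = tempfile.mkdtemp(), []
        for name in ("report.dmt", "DVBSKNLANG101.dll"):
            open(os.path.join(root, name), "w").close()
    for hit in scan_tree(root, trusted):
        print(hit["severity"], hit["directory"], hit["dlls"], hit["documents"])
```

Run it against user profiles and file shares where such documents are stored, passing the product's install directory as a trusted path so the legitimate copies are not reported.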

Exploit

Fix

Untrusted Search Path


Weakness Enumeration

Related Identifiers

CVE-2011-5158

Affected Products

Datev Grundpaket Basis Cd