PT-2012-5635 · Dassault Systèmes · 3Dvia Composer

Published

2012-09-07

Updated

2012-09-17

CVE-2012-4883

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652

Description The issue allows local users to gain privileges via a Trojan horse dwmapi.dll or ibfs32.dll file in the current working directory. This can be demonstrated by a directory that contains a .smg file.

Recommendations For 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652, consider restricting access to the current working directory to prevent the placement of malicious dwmapi.dll or ibfs32.dll files until a patch is available. As a temporary workaround, avoid using directories that contain .smg files.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-4883

Affected Products

3Dvia Composer

PT-2012-5635 · Dassault Systèmes · 3Dvia Composer

CVE-2012-4883

Related Identifiers

Affected Products

References · 2