CVE-2017-12313

Name of the Vulnerable Software and Affected Versions Cisco Network Academy Packet Tracer (affected versions not specified)

Description The issue is related to an untrusted search path, also known as DLL Preload, which could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking. This is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.