PT-2017-12543 · Free Time · Format Factory
Published: 2017-08-03 · Updated: 2017-08-09 · CVE-2017-12414
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Format Factory version 4.1.0
Description
The issue arises from the use of an untrusted search path for certain DLL files, including msimg32.dll, WindowsCodecs.dll, and dwmapi.dll, which can lead to a DLL hijacking vulnerability.
Recommendations
For Format Factory version 4.1.0, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to the vulnerable DLL files msimg32.dll, WindowsCodecs.dll, and dwmapi.dll to minimize the risk of exploitation.
Weakness Enumeration
Untrusted Search Path
Affected Products
Format Factory