CVE-2016-1281

Name of the Vulnerable Software and Affected Versions TrueCrypt versions 7.1a through 7.2 VeraCrypt versions prior to 1.17-BETA

Description The issue allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the application directory. This can be demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll, and SRClient.dll DLLs.

Recommendations For TrueCrypt versions 7.1a through 7.2, consider updating to a version outside of this range to mitigate the risk. For VeraCrypt versions prior to 1.17-BETA, update to version 1.17-BETA or later. As a temporary workaround, consider restricting access to the application directory to minimize the risk of exploitation.