PT-2019-10016 · Exiftool · Exiftool

Rafael Pedrero · Published 2019-01-02 · Updated 2019-01-11 · CVE-2018-20211

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ExifTool version 8.32
Description: The issue allows local users to gain privileges through a DLL hijacking attack. This can be achieved by creating a specific folder, named with the victim's username, in the %TEMP% directory and then copying a malicious ws32_32.dll file into this new folder.
Recommendations: ExifTool version 8.32 is obsolete; consider updating to a newer version to mitigate the risk.

Exploit

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2018-20211

Affected Products

Exiftool