Privilege Escalation via Untrusted Search Path Vulnerabilities in DATEV Grundpaket Basis CD23.20

Privilege Escalation via Untrusted Search Path Vulnerabilities in DATEV Grundpaket Basis CD23.20

CVE-2011-5158 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.

Learn more about our User Device Pen Test.