CVE-2011-5158

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information.
References
Link Resource
http://secunia.com/advisories/42940 Third Party Advisory
http://sotiriu.de/adv/NSOADV-2010-010.txt Exploit Third Party Advisory
http://secunia.com/advisories/42940 Third Party Advisory
http://sotiriu.de/adv/NSOADV-2010-010.txt Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:datev:grundpaket_basis:cd23.20:*:*:*:*:*:*:*

History

21 Nov 2024, 01:33

Type Values Removed Values Added
References () http://secunia.com/advisories/42940 - Third Party Advisory () http://secunia.com/advisories/42940 - Third Party Advisory
References () http://sotiriu.de/adv/NSOADV-2010-010.txt - Exploit, Third Party Advisory () http://sotiriu.de/adv/NSOADV-2010-010.txt - Exploit, Third Party Advisory

Information

Published : 2012-09-07 10:32

Updated : 2024-11-21 01:33


NVD link : CVE-2011-5158

Mitre link : CVE-2011-5158

CVE.ORG link : CVE-2011-5158


JSON object : View

Products Affected

datev

  • grundpaket_basis
CWE
CWE-426

Untrusted Search Path