ID CVE-2012-1943
Summary Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory. http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 29-12-2017 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-10-06T04:02:17.956-04:00
class vulnerability
contributors
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Richard Helbing
    organization baramundi software
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
definition_extensions
  • comment Mozilla Thunderbird Mainline release is installed
    oval oval:org.mitre.oval:def:22093
  • comment Mozilla Seamonkey is installed
    oval oval:org.mitre.oval:def:6372
  • comment Mozilla Firefox Mainline release is installed
    oval oval:org.mitre.oval:def:22259
description Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.
family windows
id oval:org.mitre.oval:def:16924
status accepted
submitted 2013-05-13T10:26:26.748+04:00
title Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.
version 37
refmap via4
confirm
suse SUSE-SU-2012:0746
Last major update 29-12-2017 - 02:29
Published 05-06-2012 - 23:55
Last modified 29-12-2017 - 02:29
Back to Top