CVE-2012-4755 : Untrusted search path vulnerability in SciTools Understand before 2.6 build 600

Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from third party information.

Published 2012-09-06 10:41:59

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2012-4755

Scitools » Understand » Version: 2.6
cpe:2.3:a:scitools:understand:2.6:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-4755

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-4755

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2012-4755

http://www.scitools.com/support/buildLogs/understand26_build_log.html

Page not found | SciTools.com
Vendor Advisory
http://secunia.com/advisories/47921

Sign in
Vendor Advisory
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php

Zero Science Lab » SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution

Jump to

Vulnerability Details : CVE-2012-4755

Products affected by CVE-2012-4755

Exploit prediction scoring system (EPSS) score for CVE-2012-4755

CVSS scores for CVE-2012-4755

References for CVE-2012-4755