Vulnerability Details : CVE-2018-0619
Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Vulnerability category: File inclusion
Products affected by CVE-2018-0619
- cpe:2.3:a:glarysoft:glary_utilities:*:*:*:*:*:*:*:.
- cpe:2.3:a:glarysoft:glary_utilities:*:*:*:*:pro:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0619
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0619
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-0619
-
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0619
-
http://jvn.jp/en/jp/JVN84967039/index.html
JVN#84967039: Installer of Glary Utilities may insecurely load Dynamic Link LibrariesThird Party Advisory
Jump to