Lhaplus Untrusted Search Path Vulnerability Network Vulnerability

Summary

This host is installed with Lhaplus and is prone to untrusted search path vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code with the privilege of the running application. Impact Level: Application.

Solution

Upgrade to the Lhaplus version 1.58 For updates refer to http://www7a.biglobe.ne.jp/~schezo/

Insight

The flaw exists because the application loading libraries and executable in an insecure manner.

Affected

Lhaplus version 1.57 and prior

References

http://jvn.jp/en/jp/JVN82752978/index.html
http://secunia.com/advisories/41742
http://www.ipa.go.jp/about/press/20101012.html
http://www7a.biglobe.ne.jp/~schezo/dll_vul.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2368, CVE-2010-3158

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apple Mac OS X Multiple Vulnerabilities - 02 Jan14
Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)

Lhaplus Untrusted search path Vulnerability

Take action and discover your vulnerabilities