Summary
This host has Lhasa installed and is prone to an untrusted search path vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code with the privileges of the running application.
Impact Level: Application
Solution
Upgrade to Lhasa version 0.20 or later.
For updates refer to http://www.digitalpad.co.jp/~takechin/download.html#lhasa
Insight
The flaw exists because Lhasa loads certain executables (.exe) when extracting files.
Affected
Lhasa version 0.19 and prior
Severity
Classification
- CVE: CVE-2010-2369
- CVSS Base Score: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C