Summary
This host has Lhasa installed and is prone to an untrusted search path vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code with the privileges of the running application.
Impact Level: Application
Solution
Upgrade to Lhasa version 0.20 or later.
For updates refer to http://www.digitalpad.co.jp/~takechin/download.html#lhasa
Insight
The flaw exists because Lhasa loads certain executables (.exe) when extracting files.
Affected
Lhasa version 0.19 and prior
Severity
Classification
- CVE: CVE-2010-2369
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C