ID de Prueba:	1.3.6.1.4.1.25623.1.0.813808
Categoría:	General
Título:	Windows IExpress Untrusted Search Path Vulnerability
Resumen:	This host has IExpress bundled with; Microsoft Windows and is prone to an untrusted search path vulnerability.
Descripción:	Summary: This host has IExpress bundled with Microsoft Windows and is prone to an untrusted search path vulnerability. Vulnerability Insight: The flaw exists due to an untrusted search path error in self-extracting archive files created by IExpress bundled with Microsoft Windows. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code with the privilege of the user invoking a vulnerable self-extracting archive file. Affected Software/OS: IExpress bundled with Microsoft Windows Solution: As a workaround save self-extracting archive files into a newly created directory, and confirm there are no unrelated files in the directory and make sure there are no suspicious files in the directory where self-extracting archive files are saved. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0598 http://jvn.jp/en/jp/JVN72748502/index.html https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/ https://msrc.microsoft.com/blog/2018/04/triaging-a-dll-planting-vulnerability/
Copyright	Copyright (C) 2018 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.