Vulnerability Description
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contain an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| March-Hare | Wincvs | >= 1.0, < 2.8.01 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://hyp3rlinx.altervista.org/advisories/CVS-SUITE-2009R2-INSECURE-LIBRARY-LOA (Exploit, Third Party Advisory)
- http://march-hare.com/cvspro/vulnwincvs.htm (Vendor Advisory)
- http://packetstormsecurity.com/files/146267/WINCVS-2009R2-DLL-Hijacking.html (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2018/Feb/24 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2018-6461?
CVE-2018-6461 is a vulnerability with a CVSS score of 7.8 (HIGH). March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contain an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local user...
How severe is CVE-2018-6461?
CVE-2018-6461 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-6461?
Check the references section above for vendor advisories and patch information. Affected products include: March-Hare Wincvs, Microsoft Windows.