CVE-2016-1281

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-1281
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1281.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-1281
Published
2017-01-23T21:59:00Z
Modified
2024-09-03T01:06:24.534238Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.

References

Affected packages

Git / github.com/veracrypt/veracrypt

Affected ranges

Type
GIT
Repo
https://github.com/veracrypt/veracrypt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

VeraCrypt_1.*

VeraCrypt_1.0a
VeraCrypt_1.0b
VeraCrypt_1.0c
VeraCrypt_1.0d
VeraCrypt_1.0e
VeraCrypt_1.0f
VeraCrypt_1.0f-1
VeraCrypt_1.0f-2
VeraCrypt_1.0f-BETA
VeraCrypt_1.0f-BETA2
VeraCrypt_1.0f-BETA3
VeraCrypt_1.12
VeraCrypt_1.13
VeraCrypt_1.14
VeraCrypt_1.15
VeraCrypt_1.16

VeraCrypt_Linux_1.*

VeraCrypt_Linux_1.0d
VeraCrypt_Linux_1.0e
VeraCrypt_Linux_1.0f-BETA

VeraCrypt_MacOSX_1.*

VeraCrypt_MacOSX_1.0d
VeraCrypt_MacOSX_1.0e
VeraCrypt_MacOSX_1.0f-BETA