Glarysoft Glary Utilities up to 5.99 DLL Loader Search Path untrusted search path

Summaryinfo

A vulnerability was found in Glarysoft Glary Utilities up to 5.99. It has been declared as problematic. Impacted is an unknown function of the component DLL Loader. The manipulation as part of Search Path results in untrusted search path. This vulnerability is identified as CVE-2018-0619. The attack is only possible with local access. There is not any exploit available.

Detailsinfo

A vulnerability was found in Glarysoft Glary Utilities up to 5.99. It has been classified as problematic. Affected is some unknown processing of the component DLL Loader. The manipulation as part of a Search Path leads to a untrusted search path vulnerability. CWE is classifying the issue as CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

The bug was discovered 07/03/2018. The weakness was released 07/26/2018 (Website). The advisory is available at jvn.jp. This vulnerability is traded as CVE-2018-0619 since 11/26/2017. Local access is required to approach this attack. Required for exploitation is a authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1574 by the MITRE ATT&CK project.

The vulnerability was handled as a non-public zero-day exploit for at least 23 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Glarysoft

Name

• Glary Utilities

Version

• 5.0
• 5.1
• 5.2
• 5.3
• 5.4
• 5.5
• 5.6
• 5.7
• 5.8
• 5.9
• 5.10
• 5.11
• 5.12
• 5.13
• 5.14
• 5.15
• 5.16
• 5.17
• 5.18
• 5.19
• 5.20
• 5.21
• 5.22
• 5.23
• 5.24
• 5.25
• 5.26
• 5.27
• 5.28
• 5.29
• 5.30
• 5.31
• 5.32
• 5.33
• 5.34
• 5.35
• 5.36
• 5.37
• 5.38
• 5.39
• 5.40
• 5.41
• 5.42
• 5.43
• 5.44
• 5.45
• 5.46
• 5.47
• 5.48
• 5.49
• 5.50
• 5.51
• 5.52
• 5.53
• 5.54
• 5.55
• 5.56
• 5.57
• 5.58
• 5.59
• 5.60
• 5.61
• 5.62
• 5.63
• 5.64
• 5.65
• 5.66
• 5.67
• 5.68
• 5.69
• 5.70
• 5.71
• 5.72
• 5.73
• 5.74
• 5.75
• 5.76
• 5.77
• 5.78
• 5.79
• 5.80
• 5.81
• 5.82
• 5.83
• 5.84
• 5.85
• 5.86
• 5.87
• 5.88
• 5.89
• 5.90
• 5.91
• 5.92
• 5.93
• 5.94
• 5.95
• 5.96
• 5.97
• 5.98
• 5.99

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion