Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files.
References
Link | Resource |
---|---|
https://support.plesk.com/hc/en-us/articles/17426121182103 | Vendor Advisory |
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-plesk | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-11-27T14:12:40.130Z
Updated: 2023-11-30T13:42:44.997Z
Reserved: 2023-09-13T11:30:25.604Z
Link: CVE-2023-4931
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-27T14:15:07.930
Modified: 2023-12-01T19:06:42.203
Link: CVE-2023-4931
JSON object: View
Redhat Information
No data.
CWE