MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2014-1680

CVSS 6.9v2.0pub. 2014-02-14upd. 2026-04-29

Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.

CVSS Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
  • Bandisoft Bandizip

    APP
    Bandisoft
    3.003.013.023.033.043.053.063.073.08≀ 3.09
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-26623HIGH7.8ten sam produkt

A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's para...

CVE-2025-33027MEDIUM6.1ten sam produkt

In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows...

CVE-2023-4863HIGH8.8⚠ KEVten sam vendor

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote at...

CVE-2021-26635HIGH7.8ten sam vendor

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from ...

CVE-2021-26615HIGH7.8ten sam vendor

ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNa...

CVE-2014-1680 β€” Bandisoft β€” Bandizip β€” MEDIUM β€” CVSS 6.9 | CVEbaza.pl