Summary
Detail | |||
---|---|---|---|
Vendor | Sap | First view | 2017-12-12 |
Product | Plant Connectivity | Last view | 2017-12-12 |
Version | 2.3 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:sap:plant_connectivity |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2017-12-12 | CVE-2017-16690 | A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-426 | Untrusted Search Path |