CVE-2011-5155

{"id": "CVE-2011-5155", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-09-06T10:41:58.330", "references": [{"url": "http://secunia.com/advisories/44170", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/44170", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5009.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Help & Manual v5.5.1 Build 1296, permite a usuarios locales ganar privilegios a trav\u00e9s de un caballo de troya ijl15.dll que se encuentre en el mismo directorio de trabajo, como se demostr\u00f3 con un directorio que contiene un archivo .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, o .chm. NOTA: algunos de estos detalles han sido obtenidos de fuentes de informaci\u00f3n de terceros"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helpandmanual:help_\\&_manual:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42656AEB-4A50-4476-9E35-1BB80C83FAF7"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'\r\n\r\n", "sourceIdentifier": "cve@mitre.org"}