Main Vulnerability Database SB2016070206

SB2016070206 - Flexera InstallAnywhere untrusted DLL search path in IBM Tivoli Storage Manager Administration Center

Published: July 2, 2016 Updated: July 29, 2016

Security Bulletin ID SB2016070206

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Flexera InstallAnywhere untrusted DLL search path (CVE-ID: CVE-2016-4560)

The vulnerability allows a local userr to obtain elevated privileges on the target system.

The vulnerability exists due to an untrusted search path. A local user can gain elevated privileges on the system using a Trojan horse DLL in the current working directory of a setup-launcher executable file.

Successful exploitation of this vulnerability may result in arbitrary code execution via local system.

Remediation

Install update from vendor's website.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985483