Main Vulnerability Database SB2017061502

SB2017061502 - Privilege escalation in ISC BIND installer for Windows

Published: June 15, 2017

Security Bulletin ID SB2017061502

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Unquoted search path (CVE-ID: CVE-2017-3141)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unquotes search path in BIND installer for Windows during installation process. An attacker with ability to place specially crafted library into the folder, from which the BIND installer is executed, can obtain elevated privileges on the system.

Only Windows systems are affected by this issue.

Remediation

Install update from vendor's website.

References

https://kb.isc.org/article/AA-01496/74/CVE-2017-3141%3A-Windows-service-and-uninstall-paths-are-not-...