#VU7092 Unquoted search path in ISC BIND - CVE-2017-3141 

 


Published: June 15, 2017 / Updated: September 14, 2018


Vulnerability identifier: #VU7092
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Clear
CVE-ID: CVE-2017-3141
CWE-ID: CWE-428
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vulnerable software:
ISC BIND
Software vendor:
ISC

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an unquoted search path in the BIND installer for Windows during the installation process. An attacker able to place a specially crafted library into the folder from which the BIND installer is executed can obtain elevated privileges on the system.

Only Windows systems are affected by this issue.

Remediation

Use the latest installer for versions 9.9.10-P1, 9.10.5-P1 or 9.11.1-P1.
