Vulnerability Name:

CVE-2011-5157 (CCN-78318)

Assigned:2012-06-13
Published:2012-06-13
Updated:2017-08-29
Summary:Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107.
Note: some of these details are obtained from third party information.
Per: http://cwe.mitre.org/data/definitions/426.html

'CWE-426 Untrusted Search Path'
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2011-5157

Source: CCN
Type: SA46692
Attachmate Reflection Insecure Library Loading Vulnerability

Source: SECUNIA
Type: Vendor Advisory
46692

Source: CCN
Type: Attachmate Web site
Security Updates and Reflection

Source: CONFIRM
Type: Vendor Advisory
http://support.attachmate.com/techdocs/1708.html

Source: BID
Type: UNKNOWN
50496

Source: CCN
Type: BID-50496
Attachmate Reflection DLL Loading Arbitrary Code Execution Vulnerability

Source: XF
Type: UNKNOWN
attachmate-reflection-priv-esc(78318)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:attachmate:reflection_for_hp:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_hp:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_ibm:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_ibm:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_regis_graphics_server:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_regis_graphics_server:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_unix_and_openvms:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_unix_and_openvms:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_x:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_x:14.1:sp1:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:attachmate:reflection_x:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_x:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_ibm:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_ibm:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_regis_graphics_server:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_regis_graphics_server:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_unix_and_openvms:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_unix_and_openvms:14.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_hp:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:attachmate:reflection_for_hp:14.1:sp1:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    attachmate reflection for hp 14.0
    attachmate reflection for hp 14.1 sp1
    attachmate reflection for ibm 14.0
    attachmate reflection for ibm 14.1 sp1
    attachmate reflection for regis graphics server 14.0
    attachmate reflection for regis graphics server 14.1 sp1
    attachmate reflection for unix and openvms 14.0
    attachmate reflection for unix and openvms 14.1 sp1
    attachmate reflection x 14.0
    attachmate reflection x 14.1 sp1
    attachmate reflection x 14.0
    attachmate reflection x 14.1 sp1
    attachmate reflection for ibm 14.0
    attachmate reflection for ibm 14.1 sp1
    attachmate reflection for regis graphics server 14.0
    attachmate reflection for regis graphics server 14.1 sp1
    attachmate reflection for unix and openvms 14.0
    attachmate reflection for unix and openvms 14.1 sp1
    attachmate reflection for hp 14.0
    attachmate reflection for hp 14.1 sp1