CVE-2016-4349

Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140.

Published: Apr 29, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-4349
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / webex_productivity_tools	2.40.5001.10012	2.40.5001.10012.x

https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2016/04/webex-productivity-tools/

Vulnerability Database

290,020

CVE-2016-4349