CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).

Product Status

Learn more

Information not provided

References 2 Total

seclists.org: 20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0
external site
mailing-list
http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html
external site

Updated: 2024-08-05

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

seclists.org: 20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0
external site
mailing-listx_transferred
http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 2 Total

CVE Program

References 2 Total