Main
Vulnerability Database
Exploits
ID:1241 - Exploit for Unquoted search path in ISC BIND - CVE-2017-3141
ID:1241 - Exploit for Unquoted search path in ISC BIND - CVE-2017-3141
Published: March 18, 2020
Vulnerability identifier: #VU7092
Vulnerability risk: Low
CVE-ID: CVE-2017-3141
CWE-ID: CWE-428
Exploitation vector: Local access
Vulnerable software:
ISC BIND
ISC BIND
Link to public exploit:
Vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unquotes search path in BIND installer for Windows during installation process. An attacker with ability to place specially crafted library into the folder, from which the BIND installer is executed, can obtain elevated privileges on the system.
Only Windows systems are affected by this issue.
The vulnerability exists due to unquotes search path in BIND installer for Windows during installation process. An attacker with ability to place specially crafted library into the folder, from which the BIND installer is executed, can obtain elevated privileges on the system.
Only Windows systems are affected by this issue.
Remediation
Use the latest installer for versions 9.9.10-P1, 9.10.5-P1 or 9.11.1-P1.