Input validation error in eSignal - CVE-2011-3503

 


Published: September 16, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU44739
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-3503
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: eSignal
Affected software:
eSignal

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information. See 'CWE-426: Untrusted Search Path' (http://cwe.mitre.org/data/definitions/426.html).


How to mitigate CVE-2011-3503

Install the update from the vendor's website.
