CVE-2016-1281
First published: Mon Jan 23 2017(Updated: )
Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TrueCrypt | =7.1-a | |
| TrueCrypt | =7.2 | |
| VeraCrypt | <=1.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1281?
CVE-2016-1281 has been classified with a high severity due to its potential to allow arbitrary code execution with administrator privileges.
How do I fix CVE-2016-1281?
To fix CVE-2016-1281, upgrade to VeraCrypt version 1.17-BETA or higher, as TrueCrypt is no longer maintained.
Who is affected by CVE-2016-1281?
CVE-2016-1281 affects users of TrueCrypt versions 7.1a and 7.2, as well as VeraCrypt versions up to 1.16.
What type of attack does CVE-2016-1281 enable?
CVE-2016-1281 enables DLL hijacking attacks, allowing local users to execute malicious DLL files.
Can remote users exploit CVE-2016-1281?
No, CVE-2016-1281 is an untrusted search path vulnerability that can only be exploited by local users.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/idrix
- canonical/truecrypt
- version/truecrypt/7.1-a
- version/truecrypt/7.2
- canonical/veracrypt
- version/veracrypt/1.16