First published: Sun Jul 30 2017(Updated: )
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Libexpat | =2.2.1 | |
Libexpat | =2.2.2 | |
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-11742 is considered a moderate severity vulnerability due to the potential for local privilege escalation.
To fix CVE-2017-11742, update to a later version of libexpat beyond 2.2.2 that addresses the DLL hijacking issue.
CVE-2017-11742 affects local users on Windows systems running vulnerable versions of libexpat, specifically 2.2.1 and 2.2.2.
CVE-2017-11742 exploits an untrusted search path vulnerability allowing a Trojan horse ADVAPI32.DLL to be used for privilege escalation.
As a workaround for CVE-2017-11742, ensure that the working directory does not contain untrusted or malicious DLL files.