Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-11742

Published: 30 July 2017

The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.

Notes

AuthorNote
ratliff 
windows specific

Priority

Unknown

CVSS 3 base score: 7.8

Status

Package Release Status
expat
Launchpad, Ubuntu, Debian 		precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

xenial Not vulnerable

zesty Not vulnerable

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading