Your submission was sent successfully! Close

CVE-2017-11742

Published: 30 July 2017

The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.

Priority

Unknown

CVSS 3 base score: 7.8

Status

Package Release Status
expat
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

xenial Not vulnerable

zesty Not vulnerable