Vulnerability Details CVE-2016-1281
Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.4
References
Products affected by CVE-2016-1281
-
cpe:2.3:a:idrix:truecrypt:7.1
-
cpe:2.3:a:idrix:truecrypt:7.2
-
cpe:2.3:a:idrix:veracrypt:1.0a
-
cpe:2.3:a:idrix:veracrypt:1.0b
-
cpe:2.3:a:idrix:veracrypt:1.0c
-
cpe:2.3:a:idrix:veracrypt:1.0d
-
cpe:2.3:a:idrix:veracrypt:1.0e
-
cpe:2.3:a:idrix:veracrypt:1.0f
-
cpe:2.3:a:idrix:veracrypt:1.0f-1
-
cpe:2.3:a:idrix:veracrypt:1.0f-2
-
cpe:2.3:a:idrix:veracrypt:1.12
-
cpe:2.3:a:idrix:veracrypt:1.13
-
cpe:2.3:a:idrix:veracrypt:1.14
-
cpe:2.3:a:idrix:veracrypt:1.15
-
cpe:2.3:a:idrix:veracrypt:1.16