Vulnerability Details CVE-2017-11742
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2017-11742
-
cpe:2.3:a:libexpat_project:libexpat:2.2.1
-
cpe:2.3:a:libexpat_project:libexpat:2.2.2
-
cpe:2.3:o:microsoft:windows:-