CVE-2012-3004
published 2012-09-08CVE-2012-3004: Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to…
PriorityP417medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.45%
35.7th percentile
Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realflex | flexview | <= 3.1.85 | — |
| realflex | realwin | <= 2.1.12 | — |
| realflex | realwin | — | — |
| realflex | realwin | — | — |
| realflex | realwin | — | — |
| realflex | realwindemo | <= 2.1.12 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c53r-6gjh-p442: Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2
ghsa_unreviewed·2022-05-17
CVE-2012-3004 [MEDIUM] GHSA-c53r-6gjh-p442: Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2
Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory.
CISA ICS
RealFlex RealWinDemo DLL Hijack
cisa_ics·2014-01-02
RealFlex RealWinDemo DLL Hijack
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
RealFlex RealWinDemo DLL Hijack
Last RevisedJanuary 02, 2014
Alert CodeICSA-12-251-01
## Overview
Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in the RealFlex RealWinDemo application.
RealFlex Technologies has produced an upgrade to address this vulnerability, which Mr. Hollmann has validated, and it resolves the reported vulnerability.
## Affected Products
The following RealFlex products are affected:
- RealWinDemo 2.1.12 and prior,
- RealWin 2.1.12 and prior, an
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2012-09-08
Published