CVE ID:

CVE-2011-0403

Details:

Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.

References:

:http://packetstormsecurity.org/files/view/97207/imgburn-dllhijack.txt
BID:45657
:http://www.securityfocus.com/bid/45657
OSVDB:70273
:http://osvdb.org/70273
:42798
:http://secunia.com/advisories/42798
XF:imgburn-dll-code-execution(64478)
:http://xforce.iss.net/xforce/xfdb/64478

ZeroDayLab Assigned Tags:

LOCAL
CODE EXECUTION
REMOTE
HIJACK ATTACK
TROJAN HORSE