Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt prior to 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
idrix truecrypt 7.1 |
||
idrix veracrypt |
||
idrix truecrypt 7.2 |