CVE-2012-2753 (GCVE-0-2012-2753)

Vulnerability from cvelistv5 – Published: 2012-06-19 20:00 – Updated: 2024-09-16 23:45

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	https://supportcenter.checkpoint.com/supportcente…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:42:32.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-06-19T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2753",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
            },
            {
              "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480",
              "refsource": "CONFIRM",
              "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2753",
    "datePublished": "2012-06-19T20:00:00Z",
    "dateReserved": "2012-05-15T00:00:00Z",
    "dateUpdated": "2024-09-16T23:45:33.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:endpoint_connect:r73:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1153CE1D-5228-484C-97A5-A8DC2810638C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*\", \"matchCriteriaId\": \"411DFCC1-0B71-456C-833F-4D423AAE67FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*\", \"matchCriteriaId\": \"25E330FE-2BCB-4887-BDF7-5956C3ADA26A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*\", \"matchCriteriaId\": \"B562E6A4-65AB-4139-B497-9D3D5BE51E46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*\", \"matchCriteriaId\": \"5A1E05B2-8FB6-4694-8AE8-24FAEE1C632B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:endpoint_security:r73:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"020E1329-9D13-421D-8475-BB7F159DB82C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:endpoint_security_vpn:r75:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEC71EAB-E222-4E73-97F6-29975093A1F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:remote_access_clients:e75:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52DEDD86-1972-484E-8D2F-7EDAB8FFCFA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:remote_access_clients:e75.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B14BF3D-4D60-4775-8392-6CD322A88414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:checkpoint:remote_access_clients:e75.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF6B60FE-0662-4208-9A24-5E21118CC4FA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ruta de b\\u00fasqueda no confiable en TrGUI.exe en el Endpoint Connect (aka EPC) GUI en Check Point Endpoint Security R73.x y E80.x en la plataforma VPN blade, Endpoint Security VPN R75, Endpoint Connect R73.x, y Remote Access Clients E75.x permite a usuarios locales conseguir privilegios a trav\\u00e9s de un caballo de Troya DLL en el directorio de trabajo actual.\"}]",
      "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
      "id": "CVE-2012-2753",
      "lastModified": "2024-11-21T01:39:34.640",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2012-06-19T20:55:07.037",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2753\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-06-19T20:55:07.037\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda no confiable en TrGUI.exe en el Endpoint Connect (aka EPC) GUI en Check Point Endpoint Security R73.x y E80.x en la plataforma VPN blade, Endpoint Security VPN R75, Endpoint Connect R73.x, y Remote Access Clients E75.x permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya DLL en el directorio de trabajo actual.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:endpoint_connect:r73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1153CE1D-5228-484C-97A5-A8DC2810638C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*\",\"matchCriteriaId\":\"411DFCC1-0B71-456C-833F-4D423AAE67FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*\",\"matchCriteriaId\":\"25E330FE-2BCB-4887-BDF7-5956C3ADA26A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*\",\"matchCriteriaId\":\"B562E6A4-65AB-4139-B497-9D3D5BE51E46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*\",\"matchCriteriaId\":\"5A1E05B2-8FB6-4694-8AE8-24FAEE1C632B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:endpoint_security:r73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"020E1329-9D13-421D-8475-BB7F159DB82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:endpoint_security_vpn:r75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC71EAB-E222-4E73-97F6-29975093A1F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:remote_access_clients:e75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52DEDD86-1972-484E-8D2F-7EDAB8FFCFA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:remote_access_clients:e75.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B14BF3D-4D60-4775-8392-6CD322A88414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:checkpoint:remote_access_clients:e75.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF6B60FE-0662-4208-9A24-5E21118CC4FA\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}],\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/426.html\\r\\n\\r\\n\u0027CWE-426: Untrusted Search Path\u0027\"}}"
  }
}

CERTA-2012-AVI-318

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Check Point Endpoint Connect. Cette vulnérabilité est due à un chargement de bibliothèque non sécurisé et peut être exploitée pour exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Check Point	N/A	Check Point Endpoint Security VPN R75 ;
Check Point	N/A	Check Point Endpoint Security R73.x/E80.x ;
Check Point	N/A	Check Point Remote Access Clients E75.x.
Check Point	N/A	Check Point Endpoint Connect R73.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Check Point du 10 juin 2012	None	vendor-advisory
Bulletin de sécurité CheckPoint fichier du 10 juin 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Check Point Endpoint Security VPN R75 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Check Point Endpoint Security R73.x/E80.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Check Point Remote Access Clients E75.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Check Point Endpoint Connect R73.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2753"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 CheckPoint fichier du 10 juin 2012 :",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\u0026src=securityAlerts"
    }
  ],
  "reference": "CERTA-2012-AVI-318",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCheck Point\nEndpoint Connect\u003c/span\u003e. Cette vuln\u00e9rabilit\u00e9 est due \u00e0 un chargement de\nbiblioth\u00e8que non s\u00e9curis\u00e9 et peut \u00eatre exploit\u00e9e pour ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Check Point Endpoint Connect",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Check Point du 10 juin 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-318

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Check Point	N/A	Check Point Endpoint Security VPN R75 ;
Check Point	N/A	Check Point Endpoint Security R73.x/E80.x ;
Check Point	N/A	Check Point Remote Access Clients E75.x.
Check Point	N/A	Check Point Endpoint Connect R73.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Check Point du 10 juin 2012	None	vendor-advisory
Bulletin de sécurité CheckPoint fichier du 10 juin 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Check Point Endpoint Security VPN R75 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Check Point Endpoint Security R73.x/E80.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Check Point Remote Access Clients E75.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    },
    {
      "description": "Check Point Endpoint Connect R73.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Check Point",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2753"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 CheckPoint fichier du 10 juin 2012 :",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\u0026src=securityAlerts"
    }
  ],
  "reference": "CERTA-2012-AVI-318",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCheck Point\nEndpoint Connect\u003c/span\u003e. Cette vuln\u00e9rabilit\u00e9 est due \u00e0 un chargement de\nbiblioth\u00e8que non s\u00e9curis\u00e9 et peut \u00eatre exploit\u00e9e pour ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Check Point Endpoint Connect",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Check Point du 10 juin 2012",
      "url": null
    }
  ]
}

GHSA-6P22-M9PJ-G88J

Vulnerability from github – Published: 2022-05-17 05:28 – Updated: 2022-05-17 05:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2753"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-19T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.",
  "id": "GHSA-6p22-m9pj-g88j",
  "modified": "2022-05-17T05:28:10Z",
  "published": "2022-05-17T05:28:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2753"
    },
    {
      "type": "WEB",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-2753

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2753

Aliases

CVE-2012-2753

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2753",
    "description": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.",
    "id": "GSD-2012-2753"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2753"
      ],
      "details": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.",
      "id": "GSD-2012-2753",
      "modified": "2023-12-13T01:20:15.993869Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-2753",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
          },
          {
            "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480",
            "refsource": "CONFIRM",
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:remote_access_clients:e75.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security_vpn:r75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_connect:r73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:r73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:remote_access_clients:e75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:remote_access_clients:e75.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2753"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
            },
            {
              "name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2012-06-26T04:00Z",
      "publishedDate": "2012-06-19T20:55Z"
    }
  }
}

FKIE_CVE-2012-2753

Vulnerability from fkie_nvd - Published: 2012-06-19 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html
cve@mitre.org	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html
af854a3a-2127-422b-91ae-364da2661108	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
checkpoint	endpoint_connect	r73
checkpoint	endpoint_security	e80
checkpoint	endpoint_security	e80.10
checkpoint	endpoint_security	e80.20
checkpoint	endpoint_security	e80.30
checkpoint	endpoint_security	r73
checkpoint	endpoint_security_vpn	r75
checkpoint	remote_access_clients	e75
checkpoint	remote_access_clients	e75.10
checkpoint	remote_access_clients	e75.20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:checkpoint:endpoint_connect:r73:*:*:*:*:*:*:*",
              "matchCriteriaId": "1153CE1D-5228-484C-97A5-A8DC2810638C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*",
              "matchCriteriaId": "411DFCC1-0B71-456C-833F-4D423AAE67FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*",
              "matchCriteriaId": "25E330FE-2BCB-4887-BDF7-5956C3ADA26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*",
              "matchCriteriaId": "B562E6A4-65AB-4139-B497-9D3D5BE51E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*",
              "matchCriteriaId": "5A1E05B2-8FB6-4694-8AE8-24FAEE1C632B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:endpoint_security:r73:*:*:*:*:*:*:*",
              "matchCriteriaId": "020E1329-9D13-421D-8475-BB7F159DB82C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:endpoint_security_vpn:r75:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC71EAB-E222-4E73-97F6-29975093A1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:remote_access_clients:e75:*:*:*:*:*:*:*",
              "matchCriteriaId": "52DEDD86-1972-484E-8D2F-7EDAB8FFCFA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:remote_access_clients:e75.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B14BF3D-4D60-4775-8392-6CD322A88414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:checkpoint:remote_access_clients:e75.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6B60FE-0662-4208-9A24-5E21118CC4FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en TrGUI.exe en el Endpoint Connect (aka EPC) GUI en Check Point Endpoint Security R73.x y E80.x en la plataforma VPN blade, Endpoint Security VPN R75, Endpoint Connect R73.x, y Remote Access Clients E75.x permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya DLL en el directorio de trabajo actual."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
  "id": "CVE-2012-2753",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-06-19T20:55:07.037",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201206-0104

Vulnerability from variot - Updated: 2023-12-18 13:40

Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Check Point Endpoint Connect is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Check Point Endpoint Security is a set of endpoint security solutions from Check Point Company in the United States. This solution combines firewall, network access control, anti-virus, anti-spyware, data security and other functions to ensure that terminal PCs are free from Web-based threats. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch

TITLE: Check Point Endpoint Connect Insecure Library Loading Vulnerability

SECUNIA ADVISORY ID: SA49432

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49432/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49432

RELEASE DATE: 2012-06-11

DISCUSS ADVISORY: http://secunia.com/advisories/49432/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/49432/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=49432

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A vulnerability has been reported in Check Point EndPoint Connect, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the application loading certain libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening unspecified file types located on a remote WebDAV or SMB share.

Successful exploitation allows execution of arbitrary code.

SOLUTION: Apply available hotfixes.

Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

PROVIDED AND/OR DISCOVERED BY: The vendor credits Moshe Zioni, Comsec Consulting.

ORIGINAL ADVISORY: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480&src=securityAlerts

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

A user with local disk access can carefuly construct a DLL that suits a pattern that is being traversed by the client and implement it somewhere along the search path and the client will load it seamlessly.

Impact

After the DLL has been implemented, an unsuspected user that will run the program will cause it to load, resulting in arbitrary code execution with user's privilege level.

Solution

Apply the appropriate Hotfix released by Checkpoint (one line URL): https://supportcenter.checkpoint.com/supportcenter/portal? eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480

Credits

The issue was responsibly reported by Moshe Zioni from Comsec Global Consulting.

Timeline

11 June 2012 Checkpoint officialy announce a Hotfix for the issue 6 June 2012 Checkpoint reported on finishing a fix to the reported issue 16 May 2012 Further correspondance (Comsec-Checkpoint) took place, discussing a remidiation 15 May 2012 First response from Checkpoint Security Team 15 May 2012 Bug reported by Moshe Zioni from Comsec Global Consulting

References

Checkpoint http://www.checkpoint.com/ Comsec Global Consulting http://www.comsecglobal.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0104",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "endpoint security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r73"
      },
      {
        "model": "endpoint security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "e80.30"
      },
      {
        "model": "endpoint security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "e80.10"
      },
      {
        "model": "endpoint security vpn",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r75"
      },
      {
        "model": "remote access clients",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "e75.10"
      },
      {
        "model": "remote access clients",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "e75"
      },
      {
        "model": "endpoint security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "e80"
      },
      {
        "model": "endpoint security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "e80.20"
      },
      {
        "model": "remote access clients",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "e75.20"
      },
      {
        "model": "endpoint connect",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "checkpoint",
        "version": "r73"
      },
      {
        "model": "endpoint connect",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "r73.x"
      },
      {
        "model": "endpoint security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "r73.x and  e80.x (vpn blade)"
      },
      {
        "model": "endpoint security vpn",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "r75"
      },
      {
        "model": "remote access clients",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "check point",
        "version": "e75.x"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:remote_access_clients:e75.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.20:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.30:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security_vpn:r75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_connect:r73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:r73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:endpoint_security:e80.10:-:vpn_blade:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:remote_access_clients:e75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:checkpoint:remote_access_clients:e75.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moshe Zioni, Comsec Consulting",
    "sources": [
      {
        "db": "BID",
        "id": "53925"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2753",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-2753",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-56034",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-2753",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201206-146",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-56034",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56034"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. DLL It may be possible to get permission through the file. Check Point Endpoint Connect is prone to a vulnerability that lets attackers execute arbitrary code. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Check Point Endpoint Security is a set of endpoint security solutions from Check Point Company in the United States. This solution combines firewall, network access control, anti-virus, anti-spyware, data security and other functions to ensure that terminal PCs are free from Web-based threats. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nCheck Point Endpoint Connect Insecure Library Loading Vulnerability\n\nSECUNIA ADVISORY ID:\nSA49432\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49432/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49432\n\nRELEASE DATE:\n2012-06-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49432/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49432/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49432\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Check Point EndPoint Connect,\nwhich can be exploited by malicious people to compromise a user\u0027s\nsystem. \n\nThe vulnerability is caused due to the application loading certain\nlibraries in an insecure manner. This can be exploited to load\narbitrary libraries by tricking a user into opening unspecified file\ntypes located on a remote WebDAV or SMB share. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nSOLUTION:\nApply available hotfixes. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Moshe Zioni, Comsec Consulting. \n\nORIGINAL ADVISORY:\nhttps://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\u0026src=securityAlerts\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nA user with local disk access can carefuly construct a DLL that suits a pattern\nthat is being traversed by the client and implement it somewhere along the\nsearch path and the client will load it seamlessly. \n\nImpact\n==========\nAfter the DLL has been implemented, an unsuspected user that will run the\nprogram will cause it to load, resulting in arbitrary code execution with\nuser\u0027s privilege level. \n\nSolution\n==========\nApply the appropriate Hotfix released by Checkpoint (one line URL):\nhttps://supportcenter.checkpoint.com/supportcenter/portal?\n\t\t\t\t\t\teventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk76480\n\nCredits\n==========\nThe issue was responsibly reported by Moshe Zioni from Comsec Global Consulting. \n\nTimeline\n===========\n11 June 2012\nCheckpoint officialy announce a Hotfix for the issue\n6 June 2012\nCheckpoint reported on finishing a fix to the reported issue\n16 May 2012\nFurther correspondance (Comsec-Checkpoint) took place, discussing a remidiation\n15 May 2012\nFirst response from Checkpoint Security Team\n15 May 2012\nBug reported by Moshe Zioni from Comsec Global Consulting\n\nReferences\n===========\nCheckpoint\nhttp://www.checkpoint.com/\nComsec Global Consulting\nhttp://www.comsecglobal.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "db": "BID",
        "id": "53925"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56034"
      },
      {
        "db": "PACKETSTORM",
        "id": "113537"
      },
      {
        "db": "PACKETSTORM",
        "id": "113630"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-56034",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56034"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2753",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-146",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "49432",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20120613 SECURITY ADVISORY - CHECKPOINT ENDPOINT CONNECT VPN - DLL HIJACK",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "53925",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "113630",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-56034",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "113537",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56034"
      },
      {
        "db": "BID",
        "id": "53925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "db": "PACKETSTORM",
        "id": "113537"
      },
      {
        "db": "PACKETSTORM",
        "id": "113630"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ]
  },
  "id": "VAR-201206-0104",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56034"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:40:07.685000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Endpoint Connect (EPC) DLL hijacking vulnerability",
        "trust": 0.8,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk76480"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html"
      },
      {
        "trust": 1.6,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk76480"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2753"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2753"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/49432"
      },
      {
        "trust": 0.3,
        "url": "http://blog.rapid7.com/?p=5325"
      },
      {
        "trust": 0.3,
        "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
      },
      {
        "trust": 0.1,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026amp;solutionid=sk76480"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk76480\u0026src=securityalerts"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49432"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49432/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49432/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2753"
      },
      {
        "trust": 0.1,
        "url": "http://www.checkpoint.com/"
      },
      {
        "trust": 0.1,
        "url": "https://supportcenter.checkpoint.com/supportcenter/portal?"
      },
      {
        "trust": 0.1,
        "url": "http://www.comsecglobal.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56034"
      },
      {
        "db": "BID",
        "id": "53925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "db": "PACKETSTORM",
        "id": "113537"
      },
      {
        "db": "PACKETSTORM",
        "id": "113630"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-56034"
      },
      {
        "db": "BID",
        "id": "53925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "db": "PACKETSTORM",
        "id": "113537"
      },
      {
        "db": "PACKETSTORM",
        "id": "113630"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56034"
      },
      {
        "date": "2012-06-11T00:00:00",
        "db": "BID",
        "id": "53925"
      },
      {
        "date": "2012-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "date": "2012-06-12T12:49:41",
        "db": "PACKETSTORM",
        "id": "113537"
      },
      {
        "date": "2012-06-14T00:48:53",
        "db": "PACKETSTORM",
        "id": "113630"
      },
      {
        "date": "2012-06-19T20:55:07.037000",
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "date": "2012-06-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56034"
      },
      {
        "date": "2012-06-17T00:02:00",
        "db": "BID",
        "id": "53925"
      },
      {
        "date": "2012-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      },
      {
        "date": "2012-06-26T04:00:00",
        "db": "NVD",
        "id": "CVE-2012-2753"
      },
      {
        "date": "2012-06-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "113630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-146"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Check Point Vulnerabilities that can be authorized in multiple products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002785"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "53925"
      }
    ],
    "trust": 0.3
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2753 (GCVE-0-2012-2753)

CERTA-2012-AVI-318

Solution

CERTA-2012-AVI-318

Solution

GHSA-6P22-M9PJ-G88J

GSD-2012-2753

FKIE_CVE-2012-2753

VAR-201206-0104

Impact

Solution

Credits

Timeline

References

Tags

Sightings

Nomenclature