Microsoft Windows Environment Variable Expansion in PATH Security Bypass Weakness

Microsoft Windows is prone to a security weakness because environment variables in the PATH may not always be properly expanded. This may result in files being included from unexpected locations, possibly bypassing security settings.

Attackers may exploit this weakness to aid in Dynamic Link Library (DLL) or binary-planting attacks. Other attacks may also be possible.


 

Privacy Statement
Copyright 2010, SecurityFocus