Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL
Vulnerability Description
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity validation or secure search order. If the DLL is missing or attacker-writable locations in the search path are used, a local attacker with write permissions to the directory can plant a malicious MEAINFY.DLL. When the executable is launched, it loads the attacker-controlled library and executes code with the privileges of the process, enabling local privilege escalation when run with elevated rights.
CVSS Information
N/A
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
MailEnable 代码问题漏洞
Vulnerability Description
MailEnable是澳大利亚MailEnable公司的一个基于 Windows 的商业电子邮件服务器。 MailEnable 10.54之前版本存在代码问题漏洞,该漏洞源于DLL加载机制不安全,可能导致本地任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A