CVE-2016-4802

CVSS 7.8 - HIGH

Description

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.

Affected Products

1

Vendor	Product	Version
haxx	curl	`All versions`

References

http://www.securityfocus.com/bid/90997

http://www.securitytracker.com/id/1036008

https://curl.haxx.se/docs/adv_20160530.html

http://www.securityfocus.com/bid/90997

http://www.securitytracker.com/id/1036008

https://curl.haxx.se/docs/adv_20160530.html

Weakness Types

CWE-264

CVE Information

CVE ID:: CVE-2016-4802
Published:: 2016-06-24
Modified:: 2026-05-06
CVSS Score:: 7.8
Severity:: HIGH
Vector:: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

haxx

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL