Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
ISC BIND Unquoted Path Vulnerability (CVE-2017-3141) - Windows
Information
Severity
Severity
High
Family
Family
General
CVSSv2 Base
CVSSv2 Base
7.2
CVSSv2 Vector
CVSSv2 Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
Solution Type
Solution Type
Vendor Patch
Created
Created
2 years ago
Modified
Modified
2 years ago
Summary
ISC BIND on Windows is prone to an unquoted path vulnerability.
Insight
Insight
The BIND installer on Windows uses an unquoted service path, which can enable a local user to achieve privilege escalation if the host file system permissions allow this.
Affected Software
Affected Software
BIND 9.2.6-P2 through 9.2.9, 9.3.2-P1 through 9.3.6, 9.4.0 through 9.8.8, 9.9.0 through 9.9.10, 9.10.0 through 9.10.5, 9.11.0 through 9.11.1, 9.9.3-S1 through 9.9.10-S1 and 9.10.5-S1.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 9.9.10-P1, 9.10.5-P1, 9.11.1-P1, 9.9.10-S2, 9.10.5-S2 or later.