CVE-2017-11742
Published
CVSS v3
N/A
CVSS v2
4.6
MEDIUM
Affected
1
PROJECT
Description
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub
GitHub