CVE-2019-9116
Severity CVSS v4.0:
Pending analysis
Type:
CWE-427
Uncontrolled Search Path Element
Publication date:
25/02/2019
Last modified:
04/08/2024
Description
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:sublimetext:sublime_text_3:3.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:* |
To consult the complete list of CPE names with products and versions, see this page