CVE-2014-1680

medium

Published 2014-02-14 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.9

VIR risk

6.9

Description

Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
bandisoft	bandizip	`{"endIncluding":"3.09"}`
bandisoft	bandizip	`3.00`
bandisoft	bandizip	`3.01`
bandisoft	bandizip	`3.02`
bandisoft	bandizip	`3.03`
bandisoft	bandizip	`3.04`
bandisoft	bandizip	`3.05`
bandisoft	bandizip	`3.06`
bandisoft	bandizip	`3.07`
bandisoft	bandizip	`3.08`

References

http://osvdb.org/102979
http://packetstormsecurity.com/files/125059
http://www.bandisoft.com/bandizip/history
https://exchange.xforce.ibmcloud.com/vulnerabilities/90966
http://osvdb.org/102979
http://packetstormsecurity.com/files/125059
http://www.bandisoft.com/bandizip/history
https://exchange.xforce.ibmcloud.com/vulnerabilities/90966

Verify integrity in audit chain (admin only). AS-IS.