VIR Vulnerability Intelligence Relay

CVE-2017-5873

medium
Published 2017-04-11 · Modified 2026-05-13
CVSS v3
6.7
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v2
4.6
VIR risk
6.7

Description

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

Predictions

Exploit likelihood
66%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=41

Application impact
VendorProductVersionsFixed
unisyssecure_partitioning4.3.403
unisyssecure_partitioning4.4.19

References

CWEs

CWE-428

Verify integrity in audit chain (admin only). AS-IS.