CVE-2007-6753 Information

Description

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as APPDATA or PROGRAMFILES in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

Reference

http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html
http://secunia.com/advisories/41984
http://support.microsoft.com/kb/329308
http://www.securityfocus.com/bid/44484
