CVE-2011-5158 Information

Description

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory as demonstrated by a directory that contains a .dmt .adl .c02 .dof or .jrf file. NOTE: some of these details are obtained from third party information.

Reference

http://secunia.com/advisories/42940 http://sotiriu.de/adv/NSOADV-2010-010.txt