{"id":"CVE-2016-1281","details":"Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the \"application directory\", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.","modified":"2026-03-14T09:18:42.525863Z","published":"2017-01-23T21:59:00.970Z","references":[{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/01/11/1"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2016/Jan/22"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/veracrypt/veracrypt","events":[{"introduced":"0"},{"last_affected":"8748013f7da850230369f5dfb6606ec1ae51e1c0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.16"}]}}],"versions":["VeraCrypt_1.0a","VeraCrypt_1.0b","VeraCrypt_1.0c","VeraCrypt_1.0d","VeraCrypt_1.0e","VeraCrypt_1.0f","VeraCrypt_1.0f-1","VeraCrypt_1.0f-2","VeraCrypt_1.0f-BETA","VeraCrypt_1.0f-BETA2","VeraCrypt_1.0f-BETA3","VeraCrypt_1.12","VeraCrypt_1.13","VeraCrypt_1.14","VeraCrypt_1.15","VeraCrypt_1.16","VeraCrypt_Linux_1.0d","VeraCrypt_Linux_1.0e","VeraCrypt_Linux_1.0f-BETA","VeraCrypt_MacOSX_1.0d","VeraCrypt_MacOSX_1.0e","VeraCrypt_MacOSX_1.0f-BETA"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.1-a"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1281.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}