{"id":"CVE-2018-6384","details":"Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.","modified":"2026-04-11T08:05:23.683886Z","published":"2018-01-31T16:29:00.307Z","references":[{"type":"ADVISORY","url":"https://nsclient.org/blog/2018/01/30/CVE-2018-6384-0.3.9/"},{"type":"EVIDENCE","url":"https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_nsclient_-_cve-2018-6384.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mickem/nscp","events":[{"introduced":"0"},{"fixed":"29f73db7b1bc770360cbee8837d19e90fa1ac9d4"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.4.1.73"}]}}],"database_specific":{"vanir_signatures":[{"source":"https://github.com/mickem/nscp/commit/29f73db7b1bc770360cbee8837d19e90fa1ac9d4","signature_version":"v1","digest":{"line_hashes":["260228354333094627802465884612432878615","87693210985997050853818432454279036987","304047187038373176492570088266603723424","162721478261534437172511217501209887244","158147576831035243693249491427053018649","275943042504529511178364033200420532738","258115003050774935591026928821066972859","156860257983040846005575981933603884818"],"threshold":0.9},"signature_type":"Line","id":"CVE-2018-6384-fb6f4c0d","deprecated":false,"target":{"file":"include/client/command_line_parser.cpp"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6384.json","vanir_signatures_modified":"2026-04-11T08:05:23Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}