Mobaxterm Personal Edition Portable
Monthly
Arbitrary code execution in MobaXterm Personal Edition (Portable) version 26.3 Build 5154 occurs because the application loads winspool.drv from its working directory at startup, enabling classic DLL search-order hijacking. A local attacker who can write to the directory containing the portable executable can drop a malicious winspool.drv that executes in the victim's user context the next time MobaXterm is launched. No public exploit identified at time of analysis, and EPSS data was not provided, but the trivial nature of DLL planting makes weaponization straightforward.
Arbitrary code execution in MobaXterm Personal Edition (Portable) 26.3 Build 5154 occurs because the application loads DLLs from a predictable, user-writable temporary directory before falling back to secure system paths. A local attacker who can drop a crafted DLL into that path achieves code execution under the victim's account when MobaXterm is next launched. No public exploit identified at time of analysis, and the issue is not on CISA KEV.
Arbitrary code execution in MobaXterm Personal Edition (Portable) version 26.3 Build 5154 occurs because the application loads winspool.drv from its working directory at startup, enabling classic DLL search-order hijacking. A local attacker who can write to the directory containing the portable executable can drop a malicious winspool.drv that executes in the victim's user context the next time MobaXterm is launched. No public exploit identified at time of analysis, and EPSS data was not provided, but the trivial nature of DLL planting makes weaponization straightforward.
Arbitrary code execution in MobaXterm Personal Edition (Portable) 26.3 Build 5154 occurs because the application loads DLLs from a predictable, user-writable temporary directory before falling back to secure system paths. A local attacker who can drop a crafted DLL into that path achieves code execution under the victim's account when MobaXterm is next launched. No public exploit identified at time of analysis, and the issue is not on CISA KEV.