PatchSiren cyber security CVE debrief
CVE-2017-5233 Rapid7 CVE debrief
CVE-2017-5233 is a DLL preloading issue in Rapid7 AppSpider Pro installers before version 6.14.053. If the installer is launched from a directory containing a malicious DLL, it may load that DLL instead of the intended library. The risk is highest during installation, where a local attacker or a user working from an untrusted directory could influence code execution.
- Vendor: Rapid7
- Product: CVE-2017-5233
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-03-02
- Original CVE updated: 2026-05-13
- Advisory published: 2017-03-02
- Advisory updated: 2026-05-13
Who should care
Organizations using Rapid7 AppSpider Pro installers older than 6.14.053 should treat this as relevant, especially endpoint administrators, deployment teams, and anyone distributing or running installers from writable or untrusted directories.
Technical summary
NVD classifies the issue as CWE-426 (Untrusted Search Path). The vulnerable condition affects AppSpider Pro installers prior to 6.14.053: a malicious DLL placed in the installer's current working directory can be loaded in place of the intended library. NVD rates the issue CVSS 3.1 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that local access and user interaction are required, but that successful exploitation could have high confidentiality, integrity, and availability impact.
Defensive priority
High. Even though exploitation is local and requires user interaction, installer-time code execution can be a strong foothold on affected systems and is straightforward to reduce by upgrading and controlling where installers are executed from.
Recommended defensive actions
- Upgrade Rapid7 AppSpider Pro to version 6.14.053 or later.
- Do not run installers from writable, shared, or otherwise untrusted current working directories.
- Distribute installers through controlled deployment paths and verify package integrity before execution.
- Restrict who can place files in directories used during installation to reduce DLL planting opportunities.
- If you must use older media temporarily, inspect the working directory before launching the installer and remove untrusted DLLs.
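The pre-launch checks in the list above (verify package integrity, inspect the working directory for planted DLLs, confirm the directory is not broadly writable) can be scripted so deployment teams apply them consistently. The following PowerShell function is an added example written for this debrief; it is not Rapid7's or PatchSiren's code. The function name, the installer path, and the expected SHA-256 value are placeholders and assumptions, and the hash must be taken from the vendor's download page.

```powershell
# Added example (not vendor code): pre-flight checks before launching an installer
# that resolves DLLs from its current working directory (CWE-426 exposure).
function Test-InstallerLaunchDirectory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,
        [Parameter(Mandatory)] [string] $ExpectedSha256,   # placeholder: value from the vendor download page
        [switch] $Launch
    )

    $ok = $true
    $installer = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
    $dir = $installer.DirectoryName

    # 1. Package integrity: the installer's SHA-256 must match the published value.
    $actual = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
        Write-Warning "Hash mismatch for $InstallerPath (got $actual)"
        $ok = $false
    }

    # 2. DLL planting check: any DLL beside the installer is suspect, because the
    #    vulnerable installer searches its working directory before system paths.
    $dlls = Get-ChildItem -LiteralPath $dir -Filter *.dll -File -ErrorAction SilentlyContinue
    foreach ($dll in $dlls) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
        Write-Warning ("DLL found in installer directory: {0} (signature: {1}, signer: {2})" -f $dll.Name, $sig.Status, $sig.SignerCertificate.Subject)
        $ok = $false
    }

    # 3. Directory ACL check: flag Write access granted to broad principals, which
    #    is what lets a low-privileged local user drop a DLL next to the installer.
    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    $acl = Get-Acl -LiteralPath $dir
    foreach ($ace in $acl.Access) {
        $grantsWrite = ($ace.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Write) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $ace.IdentityReference.Value -and $grantsWrite) {
            Write-Warning "Directory $dir is writable by $($ace.IdentityReference.Value)"
            $ok = $false
        }
    }

    # Only launch when every check passed, and pin the working directory to the
    # directory that was just verified rather than inheriting the caller's.
    if ($ok -and $Launch) {
        Start-Process -FilePath $InstallerPath -WorkingDirectory $dir -Wait
    }
    return $ok
}

# Usage with placeholder path and hash (assumed values, not from the advisory):
# Test-InstallerLaunchDirectory -InstallerPath 'C:\Deploy\AppSpiderPro-installer.exe' `
#     -ExpectedSha256 '<SHA256-FROM-VENDOR-DOWNLOAD-PAGE>' -Launch
```

The function returns `$true` only when the hash matches, no DLLs sit beside the installer, and no broad principal has write access to the directory; run it without `-Launch` first to review the warnings, then with `-Launch` from a controlled deployment path. The ACL check is deliberately conservative: it only inspects the three well-known broad groups, so a directory granted to a custom group still needs manual review.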
Evidence notes
The supplied NVD record shows CVE publishedAt 2017-03-02T20:59:00.687Z and modifiedAt 2026-05-13T00:24:29.033Z. The vendor advisory reference is dated 2017-03-01 in the provided source metadata, which is before CVE publication and should be treated as advisory context, not the CVE issue date. The vulnerability is described as a DLL preloading flaw in Rapid7 AppSpider Pro installers prior to version 6.14.053, with CWE-426 and a CVSS 3.1 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. No KEV listing was supplied.
Official resources
- CVE-2017-5233 CVE record (CVE.org)
- CVE-2017-5233 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Mitigation, Vendor Advisory
Publicly disclosed with CVE publication on 2017-03-02. The supplied NVD record was last modified on 2026-05-13. The provided enrichment does not list this CVE in CISA KEV.