CVE-2010-3139

Опубликовано: 27 авг. 2010

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

Ссылки

http://osvdb.org/67535
http://secunia.com/advisories/41136
Vendor Advisory
http://www.exploit-db.com/exploits/14758
Exploit
http://www.vupen.com/english/advisories/2010/2200
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12209
http://osvdb.org/67535
http://secunia.com/advisories/41136
Vendor Advisory
http://www.exploit-db.com/exploits/14758
Exploit
http://www.vupen.com/english/advisories/2010/2200
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12209

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.17052

Средний

9.3 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9g3c-v8hf-frch

github

больше 3 лет назад