Lucene search

[email protected]CVE-2010-3136

HistoryAug 26, 2010 - 6:36 p.m.

CVE-2010-3136

2010-08-2618:36:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

skype

vulnerability

cve-2010-3136

untrusted search path

dll hijacking

nvd

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.6%

JSON

Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .skype file.

CPENameOperatorVersion
skype:skypeskypeeq3.1.0.134
skype:skypeskypeeq2.5.0.154
skype:skypeskypeeq3.8.0.154
skype:skypeskypeeq0.98.0.6
skype:skypeskypeeq0.97.0.3
skype:skypeskypeeq4.2.0.166
skype:skypeskypeeq3.2.0.145
skype:skypeskypeeq3.2.0.158
skype:skypeskypeeq1.2.0.41
skype:skypeskypeeq4.2.0.158

CPE	Name	Operator	Version
skype:skype	skype	eq	3.1.0.134
skype:skype	skype	eq	2.5.0.154
skype:skype	skype	eq	3.8.0.154
skype:skype	skype	eq	0.98.0.6
skype:skype	skype	eq	0.97.0.3
skype:skype	skype	eq	4.2.0.166
skype:skype	skype	eq	3.2.0.145
skype:skype	skype	eq	3.2.0.158
skype:skype	skype	eq	1.2.0.41
skype:skype	skype	eq	4.2.0.158

Rows per page:

1-10 of 1501

References

www.exploit-db.com/exploits/14766

exchange.xforce.ibmcloud.com/vulnerabilities/64577

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11833

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2010-3136

cvelist1 prion1 kaspersky1 openvas2