Lucene search

[email protected]CVE-2010-3139

HistoryAug 27, 2010 - 7:00 p.m.

CVE-2010-3139

2010-08-2719:00:01

[email protected]

web.nvd.nist.gov

cve-2010-3139

microsoft windows

grpconv.exe

vulnerability

dll hijacking

imm.dll

nvd

7.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.147 Low

EPSS

Percentile

95.8%

JSON

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

Affected configurations

NVD

Node

microsoftwindows

CPENameOperatorVersion
microsoft:windowsmicrosoft windowseq*

CPE	Name	Operator	Version
microsoft:windows	microsoft windows	eq	*

References

osvdb.org/67535

secunia.com/advisories/41136

www.exploit-db.com/exploits/14758

www.vupen.com/english/advisories/2010/2200

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12209

7.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.147 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2010-3139

openvas2 nvd1 cvelist1 prion1