Lucene search

[email protected]CVE-2010-3146

HistoryAug 27, 2010 - 7:00 p.m.

CVE-2010-3146

2010-08-2719:00:02

[email protected]

web.nvd.nist.gov

cve

2010

3146

microsoft groove

sp2

local users

privileges

mso.dll

grooveperfmon.dll

insecure library loading vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka “Microsoft Groove Insecure Library Loading Vulnerability.”

Affected configurations

NVD

Node

microsoftgrooveMatch2007sp2

CPENameOperatorVersion
microsoft:groovemicrosoft grooveeq2007

CPE	Name	Operator	Version
microsoft:groove	microsoft groove	eq	2007

References

www.exploit-db.com/exploits/14746/

www.us-cert.gov/cas/techalerts/TA11-067A.html

www.vupen.com/english/advisories/2010/2188

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Related for CVE-2010-3146

prion1 cvelist1 openvas3 checkpoint_advisories1 saint4 nvd1 nessus1 securityvulns1