Lucene search

[email protected]CVE-2010-3148

HistoryAug 27, 2010 - 7:00 p.m.

CVE-2010-3148

2010-08-2719:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2010-3148

microsoft visio

untrusted search path

vulnerability

privilege escalation

nvd

6.3 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.792 High

EPSS

Percentile

98.3%

JSON

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka “Microsoft Visio Insecure Library Loading Vulnerability.”

CPENameOperatorVersion
microsoft:visiomicrosoft visioeq2003

CPE	Name	Operator	Version
microsoft:visio	microsoft visio	eq	2003

References

www.exploit-db.com/exploits/14744/

www.us-cert.gov/cas/techalerts/TA11-193A.html

www.vupen.com/english/advisories/2010/2192

docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122

6.3 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.792 High

EPSS

Percentile

98.3%

JSON

Related for CVE-2010-3148

securityvulns1 prion1 checkpoint_advisories1 seebug1 nessus1 openvas3