Lucene search

[email protected]CVE-2010-3337

HistoryNov 10, 2010 - 3:00 a.m.

CVE-2010-3337

2010-11-1003:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

office 2007

office 2010

vulnerability

untrusted search path

local users

privileges

dll

6.1 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.955 High

EPSS

Percentile

99.4%

JSON

Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka “Insecure Library Loading Vulnerability.” NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2010

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2010

References

www.securitytracker.com/id?1024705

www.us-cert.gov/cas/techalerts/TA10-313A.html

www.vupen.com/english/advisories/2010/2923

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11929

6.1 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.955 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2010-3337

prion3 securityvulns5 checkpoint_advisories1 openvas5 cve2 nessus1 mskb1