Lucene search

[email protected]CVE-2010-5208

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-5208

2022-10-0316:21:03

[email protected]

web.nvd.nist.gov

cve

2010

5208

kingsoft office

untrusted search path

vulnerabilities

local users

privileges

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.9%

JSON

Multiple untrusted search path vulnerabilities in the (1) Presentation, (2) Writer, and (3) Spreadsheets components in Kingsoft Office 2010 6.6.0.2477 allow local users to gain privileges via a Trojan horse plgpf.dll file in the current working directory, as demonstrated by a directory that contains a .xls, .ppt, .rtf, or .doc file. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

ksofficeoffice_2010Match6.6.0.2477

CPENameOperatorVersion
ksoffice:office_2010ksoffice office 2010eq6.6.0.2477

CPE	Name	Operator	Version
ksoffice:office_2010	ksoffice office 2010	eq	6.6.0.2477

References

core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bkingsoft_office%5D_2010_insecure_dll_hijacking

secunia.com/advisories/41406

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for CVE-2010-5208

nvd1 prion1 cvelist1