Lucene search

[email protected]CVE-2010-5210

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-5210

2022-10-0316:21:02

[email protected]

web.nvd.nist.gov

cve-2010-5210

untrusted search path

sorax reader

privilege escalation

dwmapi.dll

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

soraxsoftsorax_readerMatch2.0.3129.70

CPENameOperatorVersion
soraxsoft:sorax_readersoraxsoft sorax readereq2.0.3129.70

CPE	Name	Operator	Version
soraxsoft:sorax_reader	soraxsoft sorax reader	eq	2.0.3129.70

References

core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bsorax_pdf_reader%5D_2.0_insecure_dll_hijacking

secunia.com/advisories/41411

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-5210

prion1 cvelist1 nvd1