Lucene search

[email protected]CVE-2010-5250

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-5250

2022-10-0316:21:02

CWE-426

[email protected]

web.nvd.nist.gov

cve-2010-5250

untrusted search path vulnerability

pthreads-win32

local users

gain privileges

pthreadgc2.dll

quserex.dll

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in the pthread_win32_process_attach_np function in pthreadGC2.dll in Pthreads-win32 2.8.0 allows local users to gain privileges via a Trojan horse quserex.dll file in the current working directory. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

pthread-win32_projectpthreads-win32Match2.8.0

CPENameOperatorVersion
pthread-win32_project:pthreads-win32pthread-win32 project pthreads-win32eq2.8.0

CPE	Name	Operator	Version
pthread-win32_project:pthreads-win32	pthread-win32 project pthreads-win32	eq	2.8.0

References

secunia.com/advisories/41215

www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/

Social References

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-5250

prion1 nvd1 cvelist1