Lucene search

[email protected]CVE-2010-5267

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-5267

2022-10-0316:21:02

[email protected]

web.nvd.nist.gov

cve-2010-5267

untrusted search path vulnerability

munsoft easy office recovery

local privilege escalation

trojan horse

dwmapi.dll

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in MunSoft Easy Office Recovery 1.1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .doc, .xls, or .ppt file. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

munsofteasy_office_recoveryMatch1.1

CPENameOperatorVersion
munsoft:easy_office_recoverymunsoft easy office recoveryeq1.1

CPE	Name	Operator	Version
munsoft:easy_office_recovery	munsoft easy office recovery	eq	1.1

References

packetstormsecurity.org/1009-exploits/seasyofficerecovery-dllhijack.txt

secunia.com/advisories/41584

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-5267

prion1 nvd1 cvelist1