CVE-2010-3397

2010-09-1518:00:44

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON

Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file.

Affected configurations

Nvd

Node

pgpdesktopMatch9.9.0

pgpdesktopMatch9.10.0

pgpdesktopMatch10.0.0

VendorProductVersionCPE
pgpdesktop9.9.0cpe:2.3:a:pgp:desktop:9.9.0:*:*:*:*:*:*:*
pgpdesktop9.10.0cpe:2.3:a:pgp:desktop:9.10.0:*:*:*:*:*:*:*
pgpdesktop10.0.0cpe:2.3:a:pgp:desktop:10.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pgp	desktop	9.9.0	cpe:2.3:a:pgp:desktop:9.9.0:::::::*
pgp	desktop	9.10.0	cpe:2.3:a:pgp:desktop:9.10.0:::::::*
pgp	desktop	10.0.0	cpe:2.3:a:pgp:desktop:10.0.0:::::::*