Lucene search

PRIOn knowledge basePRION:CVE-2010-3199

HistorySep 10, 2010 - 8:00 p.m.

Design/Logic Flaw

2010-09-1020:00:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.3%

JSON

Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.

CPENameOperatorVersion
tortoisesvneq0.19
tortoisesvneq1.5.0 beta1
tortoisesvneq1.5.10
tortoisesvneq0.20.1
tortoisesvneq0.12
tortoisesvneq0.8.1
tortoisesvneq1.6.4
tortoisesvneq1.1.6
tortoisesvneq1.0.6
tortoisesvneq0.9.2

Name	Operator	Version
tortoisesvn	eq	0.19
tortoisesvn	eq	1.5.0 beta1
tortoisesvn	eq	1.5.10
tortoisesvn	eq	0.20.1
tortoisesvn	eq	0.12
tortoisesvn	eq	0.8.1
tortoisesvn	eq	1.6.4
tortoisesvn	eq	1.1.6
tortoisesvn	eq	1.0.6
tortoisesvn	eq	0.9.2

Rows per page:

1-10 of 991

References

tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163

tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc

www.securityfocus.com/archive/1/513442/100/0/threaded

www.securityfocus.com/archive/1/513463/100/0/threaded

8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for PRION:CVE-2010-3199