ID |
CVE-2010-3134
|
Summary |
Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file. Per: http://cwe.mitre.org/data/definitions/426.html
CWE-426 - 'Untrusted Search Path Vulnerability' |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 9.3 (as of 19-09-2017 - 01:31) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
oval
via4
|
accepted | 2014-04-07T04:06:57.343-04:00 | class | vulnerability | contributors | name | SecPod Team | organization | SecPod Technologies |
name | Maria Kedovskaya | organization | ALTX-SOFT |
name | Maria Mikhno | organization | ALTX-SOFT |
| definition_extensions | comment | Google Earth is installed | oval | oval:org.mitre.oval:def:6838 |
| description | Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file. | family | windows | id | oval:org.mitre.oval:def:7553 | status | accepted | submitted | 2010-09-17T05:48:31 | title | Untrusted search path vulnerability in Google Earth version 5.1.3535.3218 | version | 8 |
|
refmap
via4
|
exploit-db | 14790 | xf | google-earth-dll-code-exec(64484) |
|
Last major update |
19-09-2017 - 01:31 |
Published |
26-08-2010 - 18:36 |
Last modified |
19-09-2017 - 01:31 |