CVE-2010-3157 - Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code

CVE-2010-3157

Summary

Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

References

http://jvn.jp/jp/JVN04665167/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000040.html
http://secunia.com/advisories/41850
http://www.kmonos.net/lib/info/xacr49-vul.ja.html
http://www.securityfocus.com/bid/44125

Vulnerable Configurations

cpe:2.3:a:kmonos:xacrett:49:*:*:*:*:*:*:*
cpe:2.3:a:kmonos:xacrett:49:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 28-10-2010 - 04:00)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	44125
confirm	http://www.kmonos.net/lib/info/xacr49-vul.ja.html
jvn	JVN#04665167
jvndb	JVNDB-2010-000040
secunia	41850

Last major update

28-10-2010 - 04:00

Published

19-10-2010 - 20:00

Last modified

28-10-2010 - 04:00