CVE-2010-3125 - Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows l

CVE-2010-3125

Summary

Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

References

http://www.exploit-db.com/exploits/14747

Vulnerable Configurations

cpe:2.3:a:wolterskluwer:teammate_audit_management_software_suite:8.0:2:*:*:*:*:*:*
cpe:2.3:a:wolterskluwer:teammate_audit_management_software_suite:8.0:2:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 26-08-2010 - 18:36)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

exploit-db

14747

Last major update

26-08-2010 - 18:36

Published

26-08-2010 - 18:36

Last modified

26-08-2010 - 18:36