ID CVE-2010-3130
Summary Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 - 'Untrusted Search Path Vulnerability'
References
Vulnerable Configurations
  • cpe:2.3:a:techsmith:snagit:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:techsmith:snagit:10.0.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2010-11-08T04:00:03.347-05:00
class vulnerability
contributors
name SecPod Team
organization SecPod Technologies
definition_extensions
comment TechSmith SnagIt is installed
oval oval:org.mitre.oval:def:7558
description Untrusted search path vulnerability in TechSmith SnagIt 10 (Build 788) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.
family windows
id oval:org.mitre.oval:def:6668
status accepted
submitted 2010-09-28T12:42:48
title Untrusted search path vulnerability via a Trojan horse dwmapi.dll in TechSmith SnagIt version from 8.2.1 to 10.0.0(build 788)
version 4
refmap via4
exploit-db 14764
secunia 41124
Last major update 19-09-2017 - 01:31
Published 26-08-2010 - 18:36
Last modified 13-05-2020 - 17:15
Back to Top