ID CVE-2010-3142
Summary Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 - 'Untrusted Search Path Vulnerability'
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2007:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2010-12-20T04:00:28.309-05:00
class vulnerability
contributors
name SecPod Team
organization SecPod Technologies
definition_extensions
comment Microsoft PowerPoint 2007 is installed
oval oval:org.mitre.oval:def:5937
description Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
family windows
id oval:org.mitre.oval:def:12219
status accepted
submitted 2010-11-09T12:13:21
title Untrusted search path vulnerability in Microsoft Office PowerPoint 2007
version 5
refmap via4
exploit-db 14782
Last major update 19-09-2017 - 01:31
Published 27-08-2010 - 19:00
Last modified 19-09-2017 - 01:31
Back to Top