CVE-2010-3140

{"id": "CVE-2010-3140", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-27T19:00:01.690", "references": [{"url": "http://www.exploit-db.com/exploits/14780", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6743", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en la configuraci\u00f3n de Internet de Microsoft Windows en Windows XP SP3 permite a usuarios locales, y puede que atacantes remotos, ejecutar c\u00f3digo de su elecci\u00f3n y producir un ataque de secuestro de DLL, a trav\u00e9s de un troyano schannel.dll que est\u00e1 ubicado en la misma carpeta que un fichero ISP"}], "lastModified": "2017-09-19T01:31:14.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \r\n\r\n'CWE-426 - 'Untrusted Search Path Vulnerability'", "sourceIdentifier": "cve@mitre.org"}