CVE-2010-3163

{"id": "CVE-2010-3163", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-10-25T20:01:03.503", "references": [{"url": "http://jvn.jp/en/jp/JVN50610528/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://www.fenrir.co.jp/grani/note.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 and Grani before 4.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Fenrir Sleipnir v2.9.5 y anteriores y Grani v4.4 y anteriores permite a usuarios locales, y puede que atacantes remotos, ejecutar c\u00f3digo de su elecci\u00f3n y producir un ataque de secuestro de DLL, a trav\u00e9s de un troyano que est\u00e1 ubicado en la misma carpeta que un fichero"}], "lastModified": "2010-10-27T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fenrir:sleipnir:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF224000-FC60-48B5-A80A-2E52DBFA9C67", "versionEndIncluding": "2.9.4"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7AE3589-EF1F-4906-BD9F-79B48F02605C"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D795C76-C0B8-4D70-A39E-557D0490CA6C"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98C7A96D-80A8-488C-941B-43CF3CFF5CB6"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1CECD6F-041F-433E-BD1B-8B83A896E1DD"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC806925-0EBC-4A62-9CA2-C06A9464CABA"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BFB259A-0A01-41C0-957B-F1BFEBBC4621"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D6A1E2-CA52-4AB5-B4D2-D9D880B2ABD4"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29D748E1-B31E-4B4A-8F6C-FED7C6682020"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62E0F7F6-35AD-4BA0-ABB4-CA4AF9B2280B"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6283AF14-DF4C-4D6B-92A4-486BD1B1E23D"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD31D8D0-FC9D-46D8-8107-4432AC38CB7A"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF05E82F-D4E7-4D5F-915B-862261EE75D1"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6566B45F-EE80-41DE-9148-76324F3ED3C1"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43927247-83B1-4000-900F-90D4BC17EE3C"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5268078F-6127-4107-B916-83FFAE448A77"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01FCBA7-B144-4879-A4CB-8C7EE2A46E65"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43813DF8-D463-40B8-8D69-13398C0D9B9E"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.5.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE63C7D1-2701-48F8-8C30-0F474E25FC12"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7A21B8B-677F-4F79-8E15-B68F8B926EA3"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092C6BAD-12EF-42C2-AB6D-7549AEB7B2CB"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CEE9AB5-F7C2-4D5D-AFFF-CDE91EF347A1"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C2C651-3F69-4C17-AA56-D9E141FCF053"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2D0DC71-F8B9-4BE1-9462-948E610B6C47"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.7.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB631A4F-AB11-4426-98B8-2398CD7EB82E"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C80ADAAA-64CC-42A4-B8E6-A951C7473B17"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BED96F34-CCA5-4056-BFF6-817468EA2187"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B52778-D697-463F-9252-1B1D3C0D975E"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1835F518-7065-41FA-9659-0898B9620B9A"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "193A1B10-1C5B-4933-8C22-1AD5C739E358"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F5BD044-859A-439B-B5E3-107D9252C7F6"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4D82F84-D15D-4034-9AD2-5E42D7A9CF4A"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D9F85EE-F47C-4291-A162-091B565826CA"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1233AF74-35EC-45C3-A4ED-9B364D4FB401"}, {"criteria": "cpe:2.3:a:fenrir:sleipnir:2.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96EB8FCA-C7EC-4BEA-B91B-F80FA4E78A2A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fenrir:grani:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50B4E2F7-5B2D-4174-9E7B-7EA5BA7E2AC8", "versionEndIncluding": "4.3"}, {"criteria": "cpe:2.3:a:fenrir:grani:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28BA839-EBCA-461A-AE44-2CFBBE006341"}, {"criteria": "cpe:2.3:a:fenrir:grani:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B0418CF-47E2-4C32-93C1-36EA37833CF1"}, {"criteria": "cpe:2.3:a:fenrir:grani:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A9ACA9-3D93-4C8C-85F2-8E977ACAD8BA"}, {"criteria": "cpe:2.3:a:fenrir:grani:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46CBC2EB-1D53-4ADA-97EA-81D8C67EFC90"}, {"criteria": "cpe:2.3:a:fenrir:grani:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "439C0D2A-DA16-426F-8EF8-AA71B6158CE0"}, {"criteria": "cpe:2.3:a:fenrir:grani:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F26FDE1-515D-434A-A68E-0F0055685EC7"}, {"criteria": "cpe:2.3:a:fenrir:grani:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88A00FB-3224-4CBB-B358-F58E4B8F89FB"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "sourceIdentifier": "vultures@jpcert.or.jp"}