CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
76.0%
Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.
Vendor | Product | Version | CPE |
---|---|---|---|
tigris | tortoisesvn | 0.4 | cpe:/a:tigris:tortoisesvn:0.4::: |
tigris | tortoisesvn | 1.4.0 | cpe:/a:tigris:tortoisesvn:1.4.0::: |
tigris | tortoisesvn | 0.16 | cpe:/a:tigris:tortoisesvn:0.16::: |
tigris | tortoisesvn | 1.0.4 | cpe:/a:tigris:tortoisesvn:1.0.4::: |
tigris | tortoisesvn | 0.6 | cpe:/a:tigris:tortoisesvn:0.6::: |
tigris | tortoisesvn | 0.21 | cpe:/a:tigris:tortoisesvn:0.21::: |
tigris | tortoisesvn | 1.5.8 | cpe:/a:tigris:tortoisesvn:1.5.8::: |
tigris | tortoisesvn | 1.0.3 | cpe:/a:tigris:tortoisesvn:1.0.3::: |
tigris | tortoisesvn | 1.1.1 | cpe:/a:tigris:tortoisesvn:1.1.1::: |
tigris | tortoisesvn | 1.4.2 | cpe:/a:tigris:tortoisesvn:1.4.2::: |