Lucene search
MitreCVE-2010-3199HistorySep 10, 2010 - 8:00 p.m.
CVE-2010-3199
2010-09-1020:00:01
CWE-264
mitre
web.nvd.nist.gov
26
cve-2010-3199
untrusted search path
tortoisesvn
vulnerability
dll hijacking
dwmapi.dll
nvd
remote code execution
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.6
Confidence
High
EPSS
0.005
Percentile
76.0%
Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.
Affected configurations
Node
tigristortoisesvnRange≤1.6.10
ORtigristortoisesvnMatch0.1
ORtigristortoisesvnMatch0.2
ORtigristortoisesvnMatch0.3
ORtigristortoisesvnMatch0.4
ORtigristortoisesvnMatch0.5
ORtigristortoisesvnMatch0.5.1
ORtigristortoisesvnMatch0.6
ORtigristortoisesvnMatch0.6.1
ORtigristortoisesvnMatch0.7
ORtigristortoisesvnMatch0.8
ORtigristortoisesvnMatch0.8.1
ORtigristortoisesvnMatch0.9.1
ORtigristortoisesvnMatch0.9.2
ORtigristortoisesvnMatch0.10.0
ORtigristortoisesvnMatch0.11.0
ORtigristortoisesvnMatch0.11.2
ORtigristortoisesvnMatch0.12
ORtigristortoisesvnMatch0.12.1
ORtigristortoisesvnMatch0.14
ORtigristortoisesvnMatch0.15
ORtigristortoisesvnMatch0.15.1
ORtigristortoisesvnMatch0.15.2
ORtigristortoisesvnMatch0.16
ORtigristortoisesvnMatch0.17
ORtigristortoisesvnMatch0.18
ORtigristortoisesvnMatch0.19
ORtigristortoisesvnMatch0.20
ORtigristortoisesvnMatch0.20.1
ORtigristortoisesvnMatch0.20.2
ORtigristortoisesvnMatch0.21
ORtigristortoisesvnMatch0.22
ORtigristortoisesvnMatch0.23
ORtigristortoisesvnMatch0.24
ORtigristortoisesvnMatch0.25
ORtigristortoisesvnMatch0.26
ORtigristortoisesvnMatch1.0
ORtigristortoisesvnMatch1.0.1
ORtigristortoisesvnMatch1.0.2
ORtigristortoisesvnMatch1.0.3
ORtigristortoisesvnMatch1.0.4
ORtigristortoisesvnMatch1.0.5
ORtigristortoisesvnMatch1.0.6
ORtigristortoisesvnMatch1.0.7
ORtigristortoisesvnMatch1.0.8
ORtigristortoisesvnMatch1.1.0
ORtigristortoisesvnMatch1.1.0rc1
ORtigristortoisesvnMatch1.1.0rc2
ORtigristortoisesvnMatch1.1.1
ORtigristortoisesvnMatch1.1.2
ORtigristortoisesvnMatch1.1.3
ORtigristortoisesvnMatch1.1.4
ORtigristortoisesvnMatch1.1.5
ORtigristortoisesvnMatch1.1.6
ORtigristortoisesvnMatch1.1.7
ORtigristortoisesvnMatch1.2.0
ORtigristortoisesvnMatch1.2.1
ORtigristortoisesvnMatch1.2.2
ORtigristortoisesvnMatch1.2.3
ORtigristortoisesvnMatch1.2.4
ORtigristortoisesvnMatch1.2.5
ORtigristortoisesvnMatch1.2.6
ORtigristortoisesvnMatch1.3.0
ORtigristortoisesvnMatch1.3.1
ORtigristortoisesvnMatch1.3.2
ORtigristortoisesvnMatch1.3.3
ORtigristortoisesvnMatch1.3.4
ORtigristortoisesvnMatch1.3.5
ORtigristortoisesvnMatch1.4.0
ORtigristortoisesvnMatch1.4.0rc1
ORtigristortoisesvnMatch1.4.1
ORtigristortoisesvnMatch1.4.2
ORtigristortoisesvnMatch1.4.3
ORtigristortoisesvnMatch1.4.4
ORtigristortoisesvnMatch1.4.5
ORtigristortoisesvnMatch1.4.6
ORtigristortoisesvnMatch1.4.7
ORtigristortoisesvnMatch1.4.8
ORtigristortoisesvnMatch1.5.0
ORtigristortoisesvnMatch1.5.0alpha1
ORtigristortoisesvnMatch1.5.0beta1
ORtigristortoisesvnMatch1.5.0rc1
ORtigristortoisesvnMatch1.5.0rc2
ORtigristortoisesvnMatch1.5.0rc3
ORtigristortoisesvnMatch1.5.1
ORtigristortoisesvnMatch1.5.2
ORtigristortoisesvnMatch1.5.3
ORtigristortoisesvnMatch1.5.4
ORtigristortoisesvnMatch1.5.5
ORtigristortoisesvnMatch1.5.6
ORtigristortoisesvnMatch1.5.7
ORtigristortoisesvnMatch1.5.8
ORtigristortoisesvnMatch1.5.9
ORtigristortoisesvnMatch1.5.10
ORtigristortoisesvnMatch1.6.0
ORtigristortoisesvnMatch1.6.3
ORtigristortoisesvnMatch1.6.4
ORtigristortoisesvnMatch1.6.5
ORtigristortoisesvnMatch1.6.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tigris | tortoisesvn | 0.4 | cpe:/a:tigris:tortoisesvn:0.4::: |
| tigris | tortoisesvn | 1.4.0 | cpe:/a:tigris:tortoisesvn:1.4.0::: |
| tigris | tortoisesvn | 0.16 | cpe:/a:tigris:tortoisesvn:0.16::: |
| tigris | tortoisesvn | 1.0.4 | cpe:/a:tigris:tortoisesvn:1.0.4::: |
| tigris | tortoisesvn | 0.6 | cpe:/a:tigris:tortoisesvn:0.6::: |
| tigris | tortoisesvn | 0.21 | cpe:/a:tigris:tortoisesvn:0.21::: |
| tigris | tortoisesvn | 1.5.8 | cpe:/a:tigris:tortoisesvn:1.5.8::: |
| tigris | tortoisesvn | 1.0.3 | cpe:/a:tigris:tortoisesvn:1.0.3::: |
| tigris | tortoisesvn | 1.1.1 | cpe:/a:tigris:tortoisesvn:1.1.1::: |
| tigris | tortoisesvn | 1.4.2 | cpe:/a:tigris:tortoisesvn:1.4.2::: |
References
Related
cvelist
cvelist
CVE-2010-3199
2010-09-10 19:00:00
securityvulns
securityvulns
Tortoise SVN DLL Hijacking Vulnerability
2010-09-02 00:00:00
Microsoft Windows multiple applications DLL hijacking
2011-12-19 00:00:00
nvd
nvd
CVE-2010-3199
2010-09-10 20:00:01
prion
prion
Design/Logic Flaw
2010-09-10 20:00:00
openvas
openvas
TortoiseSVN Insecure Library Loading Vulnerability
2010-09-21 00:00:00
TortoiseSVN Insecure Library Loading Vulnerability
2010-09-21 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.6
Confidence
High
EPSS
0.005
Percentile
76.0%
Related for CVE-2010-3199