Lucene search

[email protected]CVE-2010-3337

HistoryNov 10, 2010 - 3:00 a.m.

CVE-2010-3337

2010-11-1003:00:02

[email protected]

web.nvd.nist.gov

microsoft

office 2007

office 2010

vulnerability

untrusted search path

local users

privileges

dll

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.952 High

EPSS

Percentile

99.4%

JSON

Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka “Insecure Library Loading Vulnerability.” NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.

Affected configurations

NVD

Node

microsoftofficeMatch2007sp2

microsoftofficeMatch2010

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2010

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2010

References

www.securitytracker.com/id?1024705

www.us-cert.gov/cas/techalerts/TA10-313A.html

www.vupen.com/english/advisories/2010/2923

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11929

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.952 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2010-3337

nvd3 cvelist3 prion3 securityvulns5 openvas5 checkpoint_advisories1 cve2 nessus1 mskb1