CVE-2010-3397
Summary
| CVE | CVE-2010-3397 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-09-15 18:00:00 UTC |
| Updated | 2018-10-10 20:01:00 UTC |
| Description | Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pgp | Desktop | 10.0.0 | All | All | All |
| Application | Pgp | Desktop | 9.10.0 | All | All | All |
| Application | Pgp | Desktop | 9.9.0 | All | All | All |
| Application | Pgp | Desktop | 10.0.0 | All | All | All |
| Application | Pgp | Desktop | 9.10.0 | All | All | All |
| Application | Pgp | Desktop | 9.9.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| PGP Desktop DLL Loading Arbitrary Code Execution Vulnerability | BID | www.securityfocus.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| PGP Desktop Insecure Library Loading Vulnerability - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.