mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
297 lines
11 KiB
JSON
297 lines
11 KiB
JSON
{
|
|
"id": "CVE-2010-3914",
|
|
"sourceIdentifier": "vultures@jpcert.or.jp",
|
|
"published": "2010-11-03T13:37:08.997",
|
|
"lastModified": "2025-04-11T00:51:21.963",
|
|
"vulnStatus": "Deferred",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en VIM Development Group GVim anterior a v7.3.034, y posiblemente versiones anteriores a v7.3.46, permite a usuarios locales, y posiblemente atacantes remotos, la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n y llevar a cabo ataques de secuestro DLL a trav\u00e9s de un troyano User32.dll u otra que se ubica en la misma carpeta que un archivo TXT. Nota: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
|
|
"baseScore": 9.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "7.3.033",
|
|
"matchCriteriaId": "725EE2B7-96C9-4972-8A7E-E69093F95B2E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.01:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6BF03D66-FE40-44F2-A3DD-C5B87836DDDC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.02:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7C08D893-042C-4ED1-86B6-1B8FE2E1D213"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.03:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9AD47983-31F2-43D6-99C2-F69D121AD2FD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.04:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A3E69659-8C99-4448-B103-81A5F435DE23"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.05:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E16D1B11-4CF5-4A9E-B022-B19D1C31DCC4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.06:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "857EC47A-BE90-4A8C-9A06-637FCE871713"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.07:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6D5AAB0D-8334-425A-8321-89B0D0AFBFB3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.08:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6D4E37D8-3AAA-4135-AD35-0446BB9C1EB2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.09:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "841B6A12-C5D9-4836-8CC3-6E66ABA43C63"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.010:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7CD69DCE-85A8-425F-9ADB-C6A09E520549"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.011:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F182D6F9-0533-4AA5-8F8D-EC8929350DAF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.012:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FA59E723-8B3D-40D9-81EF-21091ECA747B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.013:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "236381E0-D186-4A28-A696-CE35A03E3616"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.014:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51C542A6-F194-46E4-B943-678590C199CC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.015:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ECA565AB-B9A8-49CD-8553-DFB7450A32FB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.016:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DC2E6CC8-FA17-4FE3-ADBB-4E84555B6FBC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.017:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A0F0E45-E428-4FD1-9FB0-2B0DCEAF9FC3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.018:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2FCF5A56-DB53-4B6F-ACB8-D5D48C0E4BEE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.019:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6A614F92-9EC0-4AFB-B5C8-193A9D471057"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.020:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F8E6D309-1985-4F3F-A25F-575E158BFC51"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.021:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "53F7B164-4563-45EF-B9AF-577AE303FAA3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.022:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9EE86FA1-7D5A-4DA0-8995-3B65E1B2EFF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.023:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E80404AC-32BB-466A-9A7C-BEE4E4879C5C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.024:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E10A79CE-DC4F-4E37-992F-54F8ABD8A51E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.025:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FDC5DE3D-4F80-43E2-A866-FEBECE405A30"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.026:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "093FB356-0246-4DDF-AADD-0FCDA1CA1C1B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.027:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "597AAEEB-1F5C-45E6-83EC-E80937B390FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.028:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BE277E41-16EF-4B9A-BEC5-8A98376E91AD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.029:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F32C2454-8A07-451C-AA14-C7513458B349"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.030:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C5D381F5-42C9-484F-BC2A-534F40A5E921"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.031:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C16BC269-A435-4C9D-86C8-6F53C7FF1341"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:vim:gvim:7.3.032:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8245FA83-9DDD-48CC-B455-AB6673253D21"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034",
|
|
"source": "vultures@jpcert.or.jp",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://jvn.jp/en/jp/JVN27868039/index.html",
|
|
"source": "vultures@jpcert.or.jp",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html",
|
|
"source": "vultures@jpcert.or.jp"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/42084",
|
|
"source": "vultures@jpcert.or.jp",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/44588",
|
|
"source": "vultures@jpcert.or.jp"
|
|
},
|
|
{
|
|
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://jvn.jp/en/jp/JVN27868039/index.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/42084",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/44588",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
],
|
|
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'",
|
|
"evaluatorImpact": "http://www.kb.cert.org/vuls/id/707943"
|
|
} |