CVE-2010-3130
TechSmith Snagit 10 (Build 788) - 'dwmapi.dll' DLL Hijacking
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.
La vulnerabilidad de la ruta de búsqueda no confiable en TechSmith Snagit todas las versiones 10.x y 11.x permite a los usuarios locales, y posiblemente a los atacantes remotos, ejecutar código arbitrario y llevar a cabo ataques de secuestro DLL mediante el troyano dwmapi.dl que se encuentra en el mismo directorio como un fichero snag, snagcc o snagprof.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-08-25 First Exploit
- 2010-08-26 CVE Reserved
- 2010-08-26 CVE Published
- 2024-01-22 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6668 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/14764 | 2010-08-25 | |
| http://www.exploit-db.com/exploits/14764 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/41124 | 2020-05-13 |