CVE-2010-3142
Microsoft PowerPoint 2007 - 'rpawinet.dll' DLL Hijacking
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
Vulnerabilidad de ruta de búsqueda no confiable en Microsoft Office PowerPoint 2007 permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro de DLL, a través de un troyano rpawinet.dll que está ubicado en la misma carpeta que un fichero .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, o .thmx
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-08-24 First Exploit
- 2010-08-27 CVE Reserved
- 2010-08-27 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/14782 | 2010-08-25 | |
| https://www.exploit-db.com/exploits/14723 | 2010-08-24 | |
| http://www.exploit-db.com/exploits/14782 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Powerpoint Search vendor "Microsoft" for product "Powerpoint" | 2007 Search vendor "Microsoft" for product "Powerpoint" and version "2007" | - |
Affected
| ||||||