Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-09-10 13:00
Updated : 2018-10-10 13:01
NVD link : CVE-2010-3199
Mitre link : CVE-2010-3199
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
tigris
- tortoisesvn