Vulnerability CVE-2010-3165


Published: 2010-10-25   Modified: 2012-02-13

Description:
Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and earlier, OuiEditor 1.6.1.1 and earlier, UnEditor 1.10.1.2 and earlier, DeuxEditor 1.7.1.2 and earlier, SQLEditorXP 3.14.1.2 and earlier, SQLEditorTE 1.9.1.3 and earlier, SQLEditor8 3.8.1.2 and earlier, and SQLEditorClassic 1.8.1.3 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

Type:

CWE-Other

Vendor: Yokkasoft
Product: Sqleditor8 
Version: 3.8.1.2;
Product: Sqleditorxp 
Version: 3.14.1.2;
Product: Sqleditorte 
Version: 1.9.1.3;
Product: Sqleditorclassic 
Version: 1.8.1.3;
Product: Deuxeditor 
Version: 1.7.1.2;
Product: Ouieditor 
Version: 1.6.1.1;
Product: Noeditor 
Version: 1.33.1.1;
Product: Uneditor 
Version: 1.10.1.2;

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000049.html
http://jvn.jp/en/jp/JVN07497935/index.html

Copyright 2019, cxsecurity.com

 

Back to Top