Vulnerabilities > CVE-2010-2600 - DLL Loading Arbitrary Code Execution vulnerability in BlackBerry Desktop Software
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
Nessus
NASL family | Windows |
NASL id | BLACKBERRY_DESKTOP_SOFTWARE_6_0_B47.NASL |
description | BlackBerry Desktop Software has a DLL loading vulnerability that occurs when the program searches for a DLL file in the current working directory. Attackers may exploit the issue by placing a specially crafted DLL file and another file associated with the application in an location controlled by the attacker. When the associated file is launched, the attacker |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 49674 |
published | 2010-09-24 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/49674 |
title | BlackBerry Desktop Software < 6.0 B47 Path Subversion Arbitrary DLL Injection Code Execution |
Oval
accepted | 2015-08-24T04:00:06.716-04:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
definition_extensions |
| ||||||||
description | Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. | ||||||||
family | windows | ||||||||
id | oval:org.mitre.oval:def:6843 | ||||||||
status | accepted | ||||||||
submitted | 2010-10-26T10:43:26 | ||||||||
title | Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47 | ||||||||
version | 6 |