CVE-2010-2600 - DLL Loading Arbitrary Code Execution vulnerability in BlackBerry Desktop Software

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, rim, critical, nessus

Summary

Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Nessus

NASL family: Windows
NASL id: BLACKBERRY_DESKTOP_SOFTWARE_6_0_B47.NASL
description: BlackBerry Desktop Software has a DLL loading vulnerability that occurs when the program searches for a DLL file in the current working directory. Attackers may exploit the issue by placing a specially crafted DLL file and another file associated with the application in a location controlled by the attacker. When the associated file is launched, the attacker
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 49674
published: 2010-09-24
reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/49674
title: BlackBerry Desktop Software < 6.0 B47 Path Subversion Arbitrary DLL Injection Code Execution

Oval

accepted: 2015-08-24T04:00:06.716-04:00
class: vulnerability
contributors:
  • name: SecPod Team
    organization: SecPod Technologies
  • name: Maria Mikhno
    organization: ALTX-SOFT
definition_extensions:
    comment: BlackBerry Desktop Software is installed
    oval: oval:org.mitre.oval:def:6688
description: Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Blackberry.
family: windows
id: oval:org.mitre.oval:def:6843
status: accepted
submitted: 2010-10-26T10:43:26
title: Untrusted search path vulnerability in BlackBerry Desktop Software version less than 6.0.0.47
version: 6