Vulnerabilities > CVE-2010-3134 - Unspecified vulnerability in Google Earth 5.1.3535.3218

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
google
critical
exploit available

Summary

Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'

Vulnerable Configurations

Part Description Count
Application
Google
1

Exploit-Db

descriptionGoogle Earth v5.1.3535.3218 DLL Hijacking Exploit (quserex.dll). CVE-2010-3134. Local exploit for windows platform
fileexploits/windows/local/14790.c
idEDB-ID:14790
last seen2016-02-01
modified2010-08-25
platformwindows
port
published2010-08-25
reporterLiquidWorm
sourcehttps://www.exploit-db.com/download/14790/
titleGoogle Earth 5.1.3535.3218 - DLL Hijacking Exploit quserex.dll
typelocal

Oval

accepted2014-04-07T04:06:57.343-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentGoogle Earth is installed
ovaloval:org.mitre.oval:def:6838
descriptionUntrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz file.
familywindows
idoval:org.mitre.oval:def:7553
statusaccepted
submitted2010-09-17T05:48:31
titleUntrusted search path vulnerability in Google Earth version 5.1.3535.3218
version8