Vulnerabilities > CVE-2010-3135 - Unspecified vulnerability in Cisco Packet Tracer 5.2

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

cisco

critical

exploit available

NVD

Published: 2010-08-26

Updated: 2017-08-17

Summary

Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Packet Tracer 5.2	1

Exploit-Db

description	Cisco Packet Tracer 5.2 DLL Hijacking Exploit (wintab32.dll). CVE-2010-3135. Local exploit for windows platform
file	exploits/windows/local/14774.c
id	EDB-ID:14774
last seen	2016-02-01
modified	2010-08-25
platform	windows
port
published	2010-08-25
reporter	CCNA
source	https://www.exploit-db.com/download/14774/
title	Cisco Packet Tracer 5.2 DLL Hijacking Exploit wintab32.dll
type	local

Summary

Vulnerable Configurations

Exploit-Db

References