Vulnerabilities > CVE-2010-3139 - Unspecified vulnerability in Microsoft Windows

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
exploit available
NVD
Published: 2010-08-27
Updated: 2024-11-21

Summary

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

Vulnerable Configurations

Part Description Count
OS
Microsoft
1

Exploit-Db

descriptionMicrosoft Group Convertor DLL Hijacking Exploit (imm.dll). CVE-2010-3139. Local exploit for windows platform
fileexploits/windows/local/14758.c
idEDB-ID:14758
last seen2016-02-01
modified2010-08-25
platformwindows
port
published2010-08-25
reporterBeenu Arora
sourcehttps://www.exploit-db.com/download/14758/
titleMicrosoft Group Convertor DLL Hijacking Exploit imm.dll
typelocal

Oval

accepted2011-05-09T04:00:27.181-04:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
  • commentMicrosoft Windows XP (x86) SP3 is installed
    ovaloval:org.mitre.oval:def:5631
  • commentMicrosoft Windows XP (x86) SP2 is installed
    ovaloval:org.mitre.oval:def:754
  • commentMicrosoft Windows 2000 SP4 or later is installed
    ovaloval:org.mitre.oval:def:229
  • commentMicrosoft Windows Server 2003 SP2 (x86) is installed
    ovaloval:org.mitre.oval:def:1935
  • commentMicrosoft Windows Server 2003 SP1 (x86) is installed
    ovaloval:org.mitre.oval:def:565
descriptionUntrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.
familywindows
idoval:org.mitre.oval:def:12209
statusaccepted
submitted2010-10-22T16:52:53
titleUntrusted search path vulnerability in Microsoft Windows Progman Group Converter
version73

References