Vulnerabilities > CVE-2010-3142 - Unspecified vulnerability in Microsoft Powerpoint 2007

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
critical
exploit available
NVD
Published: 2010-08-27
Updated: 2017-09-19

Summary

Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 - 'Untrusted Search Path Vulnerability'

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Exploit-Db

  • descriptionMicrosoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll). CVE-2010-3141,CVE-2010-3142. Local exploit for windows platform
    fileexploits/windows/local/14723.c
    idEDB-ID:14723
    last seen2016-02-01
    modified2010-08-24
    platformwindows
    port
    published2010-08-24
    reporterTheLeader
    sourcehttps://www.exploit-db.com/download/14723/
    titleMicrosoft Power Point 2010 DLL Hijacking Exploit pptimpconv.dll
    typelocal
  • descriptionMicrosoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll). CVE-2010-3141,CVE-2010-3142. Local exploit for windows platform
    fileexploits/windows/local/14782.c
    idEDB-ID:14782
    last seen2016-02-01
    modified2010-08-25
    platformwindows
    port
    published2010-08-25
    reporterstorm
    sourcehttps://www.exploit-db.com/download/14782/
    titleMicrosoft Office PowerPoint 2007 DLL Hijacking Exploit rpawinet.dll
    typelocal

Oval

accepted2010-12-20T04:00:28.309-05:00
classvulnerability
contributors
nameSecPod Team
organizationSecPod Technologies
definition_extensions
commentMicrosoft PowerPoint 2007 is installed
ovaloval:org.mitre.oval:def:5937
descriptionUntrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
familywindows
idoval:org.mitre.oval:def:12219
statusaccepted
submitted2010-11-09T12:13:21
titleUntrusted search path vulnerability in Microsoft Office PowerPoint 2007
version5

References