CVE Reference: CVE-2010-3131

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-3131

Description:
Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.

CVE Status:
Candidate

References:

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

SAID
  Secunia Advisory: SA41095
  Secunia Advisory: SA41168

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12143

EXPLOIT-DB
  http://www.exploit-db.com/exploits/14730
  http://www.exploit-db.com/exploits/14783

CONFIRM
  http://www.mozilla.org/security/announce/2010/mfsa2010-52.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/513324/100/0/threaded


Return to the previous page.