Vulnerability Details : CVE-2010-2368
Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Exploit prediction scoring system (EPSS) score for CVE-2010-2368
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2368
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
References for CVE-2010-2368
-
http://jvn.jp/en/jp/JVN82752978/index.html
JVN#82752978: Lhaplus may insecurely load dynamic libraries
-
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000037.html
JVNDB-2010-000037 - JVN iPedia - 脆弱性対策情報データベース
-
http://www.ipa.go.jp/about/press/20101012.html
プレス発表 「Lhaplus」におけるセキュリティ上の弱点(脆弱性)の注意喚起:IPA 独立行政法人 情報処理推進機構
-
http://www7a.biglobe.ne.jp/~schezo/dll_vul.html
検索パスの問題に起因する脆弱性Patch;Vendor Advisory
Products affected by CVE-2010-2368
- cpe:2.3:a:lhaplus:lhaplus:*:*:*:*:*:*:*:*
- cpe:2.3:a:lhaplus:lhaplus:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:lhaplus:lhaplus:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:lhaplus:lhaplus:1.55:*:*:*:*:*:*:*
- cpe:2.3:a:lhaplus:lhaplus:1.56:*:*:*:*:*:*:*