Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3146

4 documents4 sources

Severity

9.3CRITICAL

EPSS

28.6%

top 3.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Groove

Timeline

PublishedAug 27

Latest updateMay 14

Description

Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/groove2007

🔴Vulnerability Details

GHSA

GHSA-vqfc-8pxq-vr5h: Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso↗2022-05-14

▶

CVEList

CVE-2010-3146: Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso↗2010-08-27

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office Groove 2007 - 'mso.dll' DLL Hijacking↗2010-08-25

▶