Details of VAR-201209-0029

ID

VAR-201209-0029

CVE

CVE-2010-5223

TITLE

Phoenix Project Manager Multiple Untrusted Search Path Vulnerabilities

Trust: 1.4

sources: IVD: 6668170c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8118 // CNNVD: CNNVD-201209-063

DESCRIPTION

Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse (1) wbtrv32.dll or (2) w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are obtained from third party information. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. (1) wbtrv32.dll Or (2) w3btrv7.dll It may be possible to get permission through the file. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Phoenix Project Manager Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41907 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Phoenix Project Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wbtrv32.dll and w3btrv7.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PPX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.1.0.8. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/phoenix-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.43

sources: NVD: CVE-2010-5223 // JVNDB: JVNDB-2012-004143 // CNVD: CNVD-2012-8118 // IVD: 6668170c-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 95001

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 6668170c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8118

AFFECTED PRODUCTS

vendor:	phoenixcpm	model:	phoenix project manager	scope:	eq	version:	2.1.0.8	Trust: 1.6
vendor:	phoenix management	model:	project manager	scope:	eq	version:	2.1.0.8	Trust: 0.8
vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	phoenix manager	model:	-	scope:	eq	version:	2.1.0.8	Trust: 0.2

sources: IVD: 6668170c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8118 // JVNDB: JVNDB-2012-004143 // CNNVD: CNNVD-201209-063 // NVD: CVE-2010-5223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-5223
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-5223
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2012-8118
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201209-063
value:	MEDIUM
Trust: 0.6
IVD:	6668170c-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2010-5223
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2012-8118
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6668170c-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 6668170c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8118 // JVNDB: JVNDB-2012-004143 // CNNVD: CNNVD-201209-063 // NVD: CVE-2010-5223

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2012-004143 // NVD: CVE-2010-5223

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201209-063

TYPE

other

Trust: 0.8

sources: IVD: 6668170c-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201209-063

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004143

PATCH

title:

Top Page

url:

http://www.phoenixcpm.com/

Trust: 0.8

sources: JVNDB: JVNDB-2012-004143

EXTERNAL IDS

db:	NVD	id:	CVE-2010-5223	Trust: 3.2
db:	SECUNIA	id:	41907	Trust: 1.7
db:	CNVD	id:	CNVD-2012-8118	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-063	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-004143	Trust: 0.8
db:	IVD	id:	6668170C-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	95001	Trust: 0.1

sources: IVD: 6668170c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8118 // JVNDB: JVNDB-2012-004143 // PACKETSTORM: 95001 // CNNVD: CNNVD-201209-063 // NVD: CVE-2010-5223

REFERENCES

url:	http://packetstormsecurity.org/1010-exploits/phoenix-dllhijack.txt	Trust: 1.7
url:	http://secunia.com/advisories/41907	Trust: 1.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5223	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5223	Trust: 0.8
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/windows_insecure_library_loading/	Trust: 0.1
url:	http://secunia.com/advisories/41907/#comments	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=41907	Trust: 0.1
url:	http://secunia.com/advisories/41907/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-8118 // JVNDB: JVNDB-2012-004143 // PACKETSTORM: 95001 // CNNVD: CNNVD-201209-063 // NVD: CVE-2010-5223

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 95001

SOURCES

db:	IVD	id:	6668170c-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-8118
db:	JVNDB	id:	JVNDB-2012-004143
db:	PACKETSTORM	id:	95001
db:	CNNVD	id:	CNNVD-201209-063
db:	NVD	id:	CVE-2010-5223

LAST UPDATE DATE

2025-04-11T22:49:25.751000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-8118	date:	2012-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-004143	date:	2012-09-10T00:00:00
db:	CNNVD	id:	CNNVD-201209-063	date:	2012-09-12T00:00:00
db:	NVD	id:	CVE-2010-5223	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	6668170c-2353-11e6-abef-000c29c66e3d	date:	2012-09-12T00:00:00
db:	CNVD	id:	CNVD-2012-8118	date:	2012-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-004143	date:	2012-09-10T00:00:00
db:	PACKETSTORM	id:	95001	date:	2010-10-19T04:11:25
db:	CNNVD	id:	CNNVD-201209-063	date:	2012-09-12T00:00:00
db:	NVD	id:	CVE-2010-5223	date:	2012-09-06T10:41:56.597