Sign-up

ID

VAR-201209-0075


CVE

CVE-2010-5269


TITLE

Intel Threading Building Blocks of tbb.dll Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2012-004237

DESCRIPTION

Untrusted search path vulnerability in tbb.dll in Intel Threading Building Blocks (TBB) 2.2.013 allows local users to gain privileges via a Trojan horse tbbmalloc.dll file in the current working directory, as demonstrated by a directory that contains a .pbk file. NOTE: some of these details are obtained from third party information. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlA local user can create a Trojan horse in the current working directory. tbbmalloc.dll It may be possible to get permission through the file. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Intel Threading Building Blocks (TBB) Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42506 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42506/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42506 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42506/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42506/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42506 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Intel Threading Building Blocks (TBB), which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "tbb.dll" loading libraries (e.g. tbbmalloc.dll) in an insecure manner. This can be exploited to load arbitrary libraries when an application using this library e.g. opens a file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.2.013. Other versions may also be affected. SOLUTION: Upgrade to version 3.0.4.127. PROVIDED AND/OR DISCOVERED BY: Originally reported in a CORE IMPACT exploit module for Adobe Pixel Bender Toolkit by Core Security Technologies. Additional information provided by Secunia Research. ORIGINAL ADVISORY: http://www.coresecurity.com/content/adobe-pixel-bender-toolkit-tbbmalloc-dll-hijacking-exploit-10-5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2010-5269 // JVNDB: JVNDB-2012-004237 // VULHUB: VHN-47874 // PACKETSTORM: 96441

AFFECTED PRODUCTS

vendor:intelmodel:threading building blocksscope:eqversion:2.2.013

Trust: 2.4

sources: JVNDB: JVNDB-2012-004237 // CNNVD: CNNVD-201209-134 // NVD: CVE-2010-5269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5269
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-5269
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-134
value: MEDIUM

Trust: 0.6

VULHUB: VHN-47874
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-5269
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-47874
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-47874 // JVNDB: JVNDB-2012-004237 // CNNVD: CNNVD-201209-134 // NVD: CVE-2010-5269

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2012-004237 // NVD: CVE-2010-5269

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201209-134

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201209-134

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004237

PATCH
title:Top Pageurl:http://www.intel.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-004237

EXTERNAL IDS
db:NVDid:CVE-2010-5269
Trust: 2.5
db:SECUNIAid:42506
Trust: 1.8
db:JVNDBid:JVNDB-2012-004237
Trust: 0.8
db:CNNVDid:CNNVD-201209-134
Trust: 0.7
db:VULHUBid:VHN-47874
Trust: 0.1
db:PACKETSTORMid:96441
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47874 // 
            
            
            
            JVNDB: JVNDB-2012-004237 // 
            
            
            
            PACKETSTORM: 96441 // 
            
            
            
            CNNVD: CNNVD-201209-134 // 
            
            
            
            NVD: CVE-2010-5269

REFERENCES
url:http://www.coresecurity.com/content/adobe-pixel-bender-toolkit-tbbmalloc-dll-hijacking-exploit-10-5
Trust: 1.8
url:http://secunia.com/advisories/42506
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5269
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5269
Trust: 0.8
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/42506/
Trust: 0.1
url:http://secunia.com/advisories/42506/#comments
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/products/corporate/vim/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42506
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47874 // 
            
            
            
            JVNDB: JVNDB-2012-004237 // 
            
            
            
            PACKETSTORM: 96441 // 
            
            
            
            CNNVD: CNNVD-201209-134 // 
            
            
            
            NVD: CVE-2010-5269

CREDITS
Secunia
Trust: 0.1
sources:
            
            
            PACKETSTORM: 96441

SOURCES
db:VULHUBid:VHN-47874
db:JVNDBid:JVNDB-2012-004237
db:PACKETSTORMid:96441
db:CNNVDid:CNNVD-201209-134
db:NVDid:CVE-2010-5269

LAST UPDATE DATE
2025-04-11T23:12:06.558000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-47874date:2012-09-10T00:00:00
db:JVNDBid:JVNDB-2012-004237date:2012-09-11T00:00:00
db:CNNVDid:CNNVD-201209-134date:2012-09-13T00:00:00
db:NVDid:CVE-2010-5269date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-47874date:2012-09-07T00:00:00
db:JVNDBid:JVNDB-2012-004237date:2012-09-11T00:00:00
db:PACKETSTORMid:96441date:2010-12-08T10:30:38
db:CNNVDid:CNNVD-201209-134date:2012-09-13T00:00:00
db:NVDid:CVE-2010-5269date:2012-09-07T10:32:23.837