CVE-2010-4833

EUVD-2010-4798
Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
gnomegtk
𝑥
< 2.24.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gtk+2.0
bookworm
2.24.33-2+deb12u1
fixed
bullseye
2.24.33-2+deb11u1
fixed
sid
2.24.33-6
fixed
trixie
2.24.33-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gtk+2.0
hardy
ignored
lucid
ignored
maverick
ignored
natty
ignored
Common Weakness Enumeration
References
http://git.gnome.org/browse/gtk+/commit/modules/engines/ms-windows/xp_theme.c?h=gtk-2-24&id=d6e11a97e318158f5d210a0476870dfe14ed95e6
http://secunia.com/advisories/45815
http://www.securityfocus.com/bid/49449
http://git.gnome.org/browse/gtk+/commit/modules/engines/ms-windows/xp_theme.c?h=gtk-2-24&id=d6e11a97e318158f5d210a0476870dfe14ed95e6
http://secunia.com/advisories/45815
http://www.securityfocus.com/bid/49449