CVE-2010-5203

Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
ncp-esecure_client
𝑥
≤ 9.23
ncp-esecure_enterprise_client
𝑥
≤ 9.21
ncp-esecure_entry_client
𝑥
≤ 9.23
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/41388
http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_Statement_EN.pdf
http://secunia.com/advisories/41388
http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_Statement_EN.pdf