Untrusted Search Path Vulnerability in Google Earth by Google
CVE-2010-3134

Currently unrated

Key Information:

Vendor: Google
Status: Earth
Vendor: CVE Published:; 26 August 2010

Summary

A vulnerability exists in Google Earth versions prior to 5.1.3535.3218, where the application does not securely handle file paths. This flaw enables local users or potentially remote attackers to execute arbitrary code through DLL hijacking. If a crafted .kmz file is placed in the same directory as a malicious quserex.dll, it can lead to unintentional code execution, exposing systems to various security risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64484

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/14790

exploitx_refsource_EXPLOIT-DB

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Aug 26, 2010
Vulnerability Reserved
Aug 26, 2010