Untrusted Search Path Vulnerability in GTK+ for Windows
CVE-2010-4833

Currently unrated

Key Information:

Vendor: Gnome
Status: Gtk
Vendor: CVE Published:; 6 September 2011

What is CVE-2010-4833?

An untrusted search path vulnerability exists in the GTK+ toolkit, specifically in the Windows implementation prior to version 2.24.0. This flaw allows local users to gain elevated privileges by exploiting a Trojan horse uxtheme.dll file placed in the current working directory. The vulnerability arises from improper handling of libraries during application startup, which can lead to a potential security breach if exploited.

References

http://www.securityfocus.com/bid/49449

vdb-entryx_refsource_BID

http://git.gnome.org/browse/gtk+/commit/modules/engines/m...

x_refsource_CONFIRM

http://secunia.com/advisories/45815

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2011
Vulnerability Reserved
Sep 6, 2011

Gnome

What is CVE-2010-4833?

References

Timeline