CVE-2010-3199
NONE
Published Sep 10, 201015y ago · Modified Jun 16, 20262w ago
Published Sep 10, 2010 15y ago
Last Modified Jun 16, 2026 2w ago
Description
Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
Affected Products 99
| Vendor | Product | Version | Range |
|---|---|---|---|
| tigris | tortoisesvn | * | ≤1.6.10 |
| tigris | tortoisesvn | 0.1 | any |
| tigris | tortoisesvn | 0.2 | any |
| tigris | tortoisesvn | 0.3 | any |
| tigris | tortoisesvn | 0.4 | any |
| tigris | tortoisesvn | 0.5 | any |
| tigris | tortoisesvn | 0.5.1 | any |
| tigris | tortoisesvn | 0.6 | any |
| tigris | tortoisesvn | 0.6.1 | any |
| tigris | tortoisesvn | 0.7 | any |
| tigris | tortoisesvn | 0.8 | any |
| tigris | tortoisesvn | 0.8.1 | any |
| tigris | tortoisesvn | 0.9.1 | any |
| tigris | tortoisesvn | 0.9.2 | any |
| tigris | tortoisesvn | 0.10.0 | any |
| tigris | tortoisesvn | 0.11.0 | any |
| tigris | tortoisesvn | 0.11.2 | any |
| tigris | tortoisesvn | 0.12 | any |
| tigris | tortoisesvn | 0.12.1 | any |
| tigris | tortoisesvn | 0.14 | any |
| tigris | tortoisesvn | 0.15 | any |
| tigris | tortoisesvn | 0.15.1 | any |
| tigris | tortoisesvn | 0.15.2 | any |
| tigris | tortoisesvn | 0.16 | any |
| tigris | tortoisesvn | 0.17 | any |
| tigris | tortoisesvn | 0.18 | any |
| tigris | tortoisesvn | 0.19 | any |
| tigris | tortoisesvn | 0.20 | any |
| tigris | tortoisesvn | 0.20.1 | any |
| tigris | tortoisesvn | 0.20.2 | any |
| tigris | tortoisesvn | 0.21 | any |
| tigris | tortoisesvn | 0.22 | any |
| tigris | tortoisesvn | 0.23 | any |
| tigris | tortoisesvn | 0.24 | any |
| tigris | tortoisesvn | 0.25 | any |
| tigris | tortoisesvn | 0.26 | any |
| tigris | tortoisesvn | 1.0 | any |
| tigris | tortoisesvn | 1.0.1 | any |
| tigris | tortoisesvn | 1.0.2 | any |
| tigris | tortoisesvn | 1.0.3 | any |
| tigris | tortoisesvn | 1.0.4 | any |
| tigris | tortoisesvn | 1.0.5 | any |
| tigris | tortoisesvn | 1.0.6 | any |
| tigris | tortoisesvn | 1.0.7 | any |
| tigris | tortoisesvn | 1.0.8 | any |
| tigris | tortoisesvn | 1.1.0 | any |
| tigris | tortoisesvn | 1.1.0 | any |
| tigris | tortoisesvn | 1.1.0 | any |
| tigris | tortoisesvn | 1.1.1 | any |
| tigris | tortoisesvn | 1.1.2 | any |
| tigris | tortoisesvn | 1.1.3 | any |
| tigris | tortoisesvn | 1.1.4 | any |
| tigris | tortoisesvn | 1.1.5 | any |
| tigris | tortoisesvn | 1.1.6 | any |
| tigris | tortoisesvn | 1.1.7 | any |
| tigris | tortoisesvn | 1.2.0 | any |
| tigris | tortoisesvn | 1.2.1 | any |
| tigris | tortoisesvn | 1.2.2 | any |
| tigris | tortoisesvn | 1.2.3 | any |
| tigris | tortoisesvn | 1.2.4 | any |
| tigris | tortoisesvn | 1.2.5 | any |
| tigris | tortoisesvn | 1.2.6 | any |
| tigris | tortoisesvn | 1.3.0 | any |
| tigris | tortoisesvn | 1.3.1 | any |
| tigris | tortoisesvn | 1.3.2 | any |
| tigris | tortoisesvn | 1.3.3 | any |
| tigris | tortoisesvn | 1.3.4 | any |
| tigris | tortoisesvn | 1.3.5 | any |
| tigris | tortoisesvn | 1.4.0 | any |
| tigris | tortoisesvn | 1.4.0 | any |
| tigris | tortoisesvn | 1.4.1 | any |
| tigris | tortoisesvn | 1.4.2 | any |
| tigris | tortoisesvn | 1.4.3 | any |
| tigris | tortoisesvn | 1.4.4 | any |
| tigris | tortoisesvn | 1.4.5 | any |
| tigris | tortoisesvn | 1.4.6 | any |
| tigris | tortoisesvn | 1.4.7 | any |
| tigris | tortoisesvn | 1.4.8 | any |
| tigris | tortoisesvn | 1.5.0 | any |
| tigris | tortoisesvn | 1.5.0 | any |
| tigris | tortoisesvn | 1.5.0 | any |
| tigris | tortoisesvn | 1.5.0 | any |
| tigris | tortoisesvn | 1.5.0 | any |
| tigris | tortoisesvn | 1.5.0 | any |
| tigris | tortoisesvn | 1.5.1 | any |
| tigris | tortoisesvn | 1.5.2 | any |
| tigris | tortoisesvn | 1.5.3 | any |
| tigris | tortoisesvn | 1.5.4 | any |
| tigris | tortoisesvn | 1.5.5 | any |
| tigris | tortoisesvn | 1.5.6 | any |
| tigris | tortoisesvn | 1.5.7 | any |
| tigris | tortoisesvn | 1.5.8 | any |
| tigris | tortoisesvn | 1.5.9 | any |
| tigris | tortoisesvn | 1.5.10 | any |
| tigris | tortoisesvn | 1.6.0 | any |
| tigris | tortoisesvn | 1.6.3 | any |
| tigris | tortoisesvn | 1.6.4 | any |
| tigris | tortoisesvn | 1.6.5 | any |
| tigris | tortoisesvn | 1.6.6 | any |
References 4
- tortoisesvn.tigris.org http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163
- tortoisesvn.tigris.org http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc
- securityfocus.com http://www.securityfocus.com/archive/1/513442/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/513463/100/0/threaded
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.