CVE-2010-3374

Published Oct 4, 2010

Last updated 3 months ago

CVSS info 6.9

Overview

Description: Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms 'The issue does not affect Windows or Mac OS X.'
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6783CAE-B776-40C5-B2E9-A39C19FD5691",
            "versionEndIncluding": "2.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:0.9.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13CCFF9E-DA2B-4156-B51F-E3BF0BAADD30"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:0.9.2:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26CF43D1-313D-42D7-8797-8F91335148F4"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70477134-5600-47BC-B4D1-841E1E40E7D5"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8B60E3E-88DC-460E-9174-DF1B9CA89AD5"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B698BFCD-F356-4272-861B-495E2B77032E"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6E44114-5453-4E1C-9252-E646D88DA04B"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.2.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE84F5F8-BF9D-46E0-A78A-EA32006FADF8"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21E07663-1337-42D5-8A75-36CF029A0D0D"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.3.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA658A38-2788-4686-A68F-8DC8D96FD4C4"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.3.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CE168CE-DE16-4851-ACA2-63912F7BB73E"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1E0BA93-5A34-4B12-88EA-61448C734430"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:2.0.0:alpha:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1362D084-E39D-4744-B6B3-5C76A536E170"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:2.0.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34364F85-A426-44EB-9E6A-61471CBA234C"
          },
          {
            "criteria": "cpe:2.3:a:nokia:qt_creator:2.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EFEEF32-72D5-4F92-B77D-D2225B5E555F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References