6.9

CVE-2010-3374

Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NokiaQt Creator Version <= 2.0.0
NokiaQt Creator Version0.9.1 Updatebeta
NokiaQt Creator Version0.9.2 Updaterc1
NokiaQt Creator Version1.0.0
NokiaQt Creator Version1.1.0
NokiaQt Creator Version1.1.0 Updaterc1
NokiaQt Creator Version1.2.0
NokiaQt Creator Version1.2.90
NokiaQt Creator Version1.3.0
NokiaQt Creator Version1.3.0 Updatebeta
NokiaQt Creator Version1.3.0 Updaterc1
NokiaQt Creator Version1.3.1
NokiaQt Creator Version2.0.0 Updatealpha
NokiaQt Creator Version2.0.0 Updatebeta
NokiaQt Creator Version2.0.0 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.264
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:193
http://www.qt.gitorious.org/qt-creator/qt-creator/commit/3c00715c8e90c57953ec4a8716110f6954e524e4
Patch
http://www.securityfocus.com/bid/43672
http://www.vupen.com/english/advisories/2010/2559
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2560
Vendor Advisory