Vulnerability Description
Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncp-E | Secure Client | <= 9.23 |
| Ncp-E | Secure Enterprise Client | <= 9.21 |
| Ncp-E | Secure Entry Client | <= 9.23 |
References
- http://secunia.com/advisories/41388Vendor Advisory
- http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_StatVendor Advisory
- http://secunia.com/advisories/41388Vendor Advisory
- http://www.ncp-e.com/fileadmin/pdf/service_support/NCP_Client_Vulnerability_StatVendor Advisory
FAQ
What is CVE-2010-5203?
CVE-2010-5203 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 ...
How severe is CVE-2010-5203?
CVE-2010-5203 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5203?
Check the references section above for vendor advisories and patch information. Affected products include: Ncp-E Secure Client, Ncp-E Secure Enterprise Client, Ncp-E Secure Entry Client.