CVE-2010-3139 Information

Description

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users and possibly remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

Reference

http://osvdb.org/67535 http://secunia.com/advisories/41136 http://www.exploit-db.com/exploits/14758 http://www.vupen.com/english/advisories/2010/2200 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12209