Vulnerability in Apple Itunes
CVE-2010-3190
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Ser…
EPSS: 0.392 (97.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Apple Itunes — versions 12.1.3
- Microsoft Visual_c\+\+ — versions 2008, 2010, 2005
- Microsoft Visual_studio — versions 2008, 2010, 2005
- Microsoft Visual_studio_.net — versions 2003
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- cve@mitre.org (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- cve@mitre.org (US Government Resource, Third Party Advisory, x_refsource_CERT, third-party-advisory)
- cve@mitre.org (x_refsource_MISC, Broken Link)
- cve@mitre.org (signature, x_refsource_OVAL, Third Party Advisory, vdb-entry)
- cve@mitre.org (x_refsource_MS, vendor-advisory, Patch, Vendor Advisory)
- cve@mitre.org (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- cve@mitre.org (vendor-advisory, x_refsource_APPLE, Mailing List, Vendor Advisory)
Frequently asked questions
- What is CVE-2010-3190?
- CVE-2010-3190 is a high-severity vulnerability in Apple Itunes, classified under Untrusted Search Path. CVSS score: 7.8/10. Published 2010-08-31.
- How severe is CVE-2010-3190?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2010-3190 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.