Vulnerability Report

CVE-2010-3397

RCE

Title: Pgp Desktop RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2010-3397.

CWE Category NVD-CWE-noinfo

Published Date Sep 15, 2010

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

2.28%

Vulnerability Summary

CVE-2010-3397: Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file.

Impacted Vendors

pgp 1

avira 1

Reference Links

http://secunia.com/advisories/41135 http://www.securityfocus.com/archive/1/513596/100/0/threaded http://www.securityfocus.com/bid/42856 http://secunia.com/advisories/41135 http://www.securityfocus.com/archive/1/513596/100/0/threaded http://www.securityfocus.com/bid/42856

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2010-3397 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

September 15, 2010 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.