Test ID:	1.3.6.1.4.1.25623.1.0.801290
Category:	General
Title:	TortoiseSVN Insecure Library Loading Vulnerability
Summary:	TortoiseSVN is prone to insecure library loading vulnerability.
Description:	Summary: TortoiseSVN is prone to insecure library loading vulnerability. Vulnerability Insight: The flaw is due to the application insecurely loading certain libraries from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code and conduct DLL hijacking attacks. Affected Software/OS: TortoiseSVN 1.6.10, Build 19898 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3199 Bugtraq: 20100901 Tortoise SVN DLL Hijacking Vulnerability (Google Search) http://www.securityfocus.com/archive/1/513442/100/0/threaded http://www.securityfocus.com/archive/1/513463/100/0/threaded http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163 http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.