CVE-2010-3139

Microsoft Windows Progman Group Converter - RCE

Title source: llm

Description

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Beenu Arora · clocalwindows

https://www.exploit-db.com/exploits/14758

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/41136

[Exploit] http://www.exploit-db.com/exploits/14758

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2200

[Third Party Advisory, VDB Entry] http://osvdb.org/67535

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12209

Scores

EPSS 0.1709

EPSS Percentile 95.0%

Details

Status published

Products (1)

microsoft/windows

Published Aug 27, 2010

Tracked Since Feb 18, 2026