CVE-2010-3199

Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.

Published: 2010-09-10 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-3199 is rated High Risk (70.2/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 4.28%). EPSS rose +1.56% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-3199

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 2.72% 4.28% +1.56%
2 2025-03-30 6.76% 2.72% -4.04%
3 2025-03-29 6.76%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-3199

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.3 2.0 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 8.6 10.0 [email protected]

Weakness enumeration for CVE-2010-3199

Affected software / configurations for CVE-2010-3199

Vendor Product Version Raw CPE
tigris tortoisesvn <= 1.6.10 cpe:2.3:a:tigris:tortoisesvn:*:*:*:*:*:*:*:*
tigris tortoisesvn 0.1 cpe:2.3:a:tigris:tortoisesvn:0.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.2 cpe:2.3:a:tigris:tortoisesvn:0.2:*:*:*:*:*:*:*
tigris tortoisesvn 0.3 cpe:2.3:a:tigris:tortoisesvn:0.3:*:*:*:*:*:*:*
tigris tortoisesvn 0.4 cpe:2.3:a:tigris:tortoisesvn:0.4:*:*:*:*:*:*:*
tigris tortoisesvn 0.5 cpe:2.3:a:tigris:tortoisesvn:0.5:*:*:*:*:*:*:*
tigris tortoisesvn 0.5.1 cpe:2.3:a:tigris:tortoisesvn:0.5.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.6 cpe:2.3:a:tigris:tortoisesvn:0.6:*:*:*:*:*:*:*
tigris tortoisesvn 0.6.1 cpe:2.3:a:tigris:tortoisesvn:0.6.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.7 cpe:2.3:a:tigris:tortoisesvn:0.7:*:*:*:*:*:*:*
tigris tortoisesvn 0.8 cpe:2.3:a:tigris:tortoisesvn:0.8:*:*:*:*:*:*:*
tigris tortoisesvn 0.8.1 cpe:2.3:a:tigris:tortoisesvn:0.8.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.9.1 cpe:2.3:a:tigris:tortoisesvn:0.9.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.9.2 cpe:2.3:a:tigris:tortoisesvn:0.9.2:*:*:*:*:*:*:*
tigris tortoisesvn 0.10.0 cpe:2.3:a:tigris:tortoisesvn:0.10.0:*:*:*:*:*:*:*
tigris tortoisesvn 0.11.0 cpe:2.3:a:tigris:tortoisesvn:0.11.0:*:*:*:*:*:*:*
tigris tortoisesvn 0.11.2 cpe:2.3:a:tigris:tortoisesvn:0.11.2:*:*:*:*:*:*:*
tigris tortoisesvn 0.12 cpe:2.3:a:tigris:tortoisesvn:0.12:*:*:*:*:*:*:*
tigris tortoisesvn 0.12.1 cpe:2.3:a:tigris:tortoisesvn:0.12.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.14 cpe:2.3:a:tigris:tortoisesvn:0.14:*:*:*:*:*:*:*
tigris tortoisesvn 0.15 cpe:2.3:a:tigris:tortoisesvn:0.15:*:*:*:*:*:*:*
tigris tortoisesvn 0.15.1 cpe:2.3:a:tigris:tortoisesvn:0.15.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.15.2 cpe:2.3:a:tigris:tortoisesvn:0.15.2:*:*:*:*:*:*:*
tigris tortoisesvn 0.16 cpe:2.3:a:tigris:tortoisesvn:0.16:*:*:*:*:*:*:*
tigris tortoisesvn 0.17 cpe:2.3:a:tigris:tortoisesvn:0.17:*:*:*:*:*:*:*
tigris tortoisesvn 0.18 cpe:2.3:a:tigris:tortoisesvn:0.18:*:*:*:*:*:*:*
tigris tortoisesvn 0.19 cpe:2.3:a:tigris:tortoisesvn:0.19:*:*:*:*:*:*:*
tigris tortoisesvn 0.20 cpe:2.3:a:tigris:tortoisesvn:0.20:*:*:*:*:*:*:*
tigris tortoisesvn 0.20.1 cpe:2.3:a:tigris:tortoisesvn:0.20.1:*:*:*:*:*:*:*
tigris tortoisesvn 0.20.2 cpe:2.3:a:tigris:tortoisesvn:0.20.2:*:*:*:*:*:*:*
tigris tortoisesvn 0.21 cpe:2.3:a:tigris:tortoisesvn:0.21:*:*:*:*:*:*:*
tigris tortoisesvn 0.22 cpe:2.3:a:tigris:tortoisesvn:0.22:*:*:*:*:*:*:*
tigris tortoisesvn 0.23 cpe:2.3:a:tigris:tortoisesvn:0.23:*:*:*:*:*:*:*
tigris tortoisesvn 0.24 cpe:2.3:a:tigris:tortoisesvn:0.24:*:*:*:*:*:*:*
tigris tortoisesvn 0.25 cpe:2.3:a:tigris:tortoisesvn:0.25:*:*:*:*:*:*:*
tigris tortoisesvn 0.26 cpe:2.3:a:tigris:tortoisesvn:0.26:*:*:*:*:*:*:*
tigris tortoisesvn 1.0 cpe:2.3:a:tigris:tortoisesvn:1.0:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.1 cpe:2.3:a:tigris:tortoisesvn:1.0.1:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.2 cpe:2.3:a:tigris:tortoisesvn:1.0.2:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.3 cpe:2.3:a:tigris:tortoisesvn:1.0.3:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.4 cpe:2.3:a:tigris:tortoisesvn:1.0.4:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.5 cpe:2.3:a:tigris:tortoisesvn:1.0.5:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.6 cpe:2.3:a:tigris:tortoisesvn:1.0.6:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.7 cpe:2.3:a:tigris:tortoisesvn:1.0.7:*:*:*:*:*:*:*
tigris tortoisesvn 1.0.8 cpe:2.3:a:tigris:tortoisesvn:1.0.8:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.0 cpe:2.3:a:tigris:tortoisesvn:1.1.0:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.0 cpe:2.3:a:tigris:tortoisesvn:1.1.0:rc1:*:*:*:*:*:*
tigris tortoisesvn 1.1.0 cpe:2.3:a:tigris:tortoisesvn:1.1.0:rc2:*:*:*:*:*:*
tigris tortoisesvn 1.1.1 cpe:2.3:a:tigris:tortoisesvn:1.1.1:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.2 cpe:2.3:a:tigris:tortoisesvn:1.1.2:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.3 cpe:2.3:a:tigris:tortoisesvn:1.1.3:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.4 cpe:2.3:a:tigris:tortoisesvn:1.1.4:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.5 cpe:2.3:a:tigris:tortoisesvn:1.1.5:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.6 cpe:2.3:a:tigris:tortoisesvn:1.1.6:*:*:*:*:*:*:*
tigris tortoisesvn 1.1.7 cpe:2.3:a:tigris:tortoisesvn:1.1.7:*:*:*:*:*:*:*
tigris tortoisesvn 1.2.0 cpe:2.3:a:tigris:tortoisesvn:1.2.0:*:*:*:*:*:*:*
tigris tortoisesvn 1.2.1 cpe:2.3:a:tigris:tortoisesvn:1.2.1:*:*:*:*:*:*:*
tigris tortoisesvn 1.2.2 cpe:2.3:a:tigris:tortoisesvn:1.2.2:*:*:*:*:*:*:*
tigris tortoisesvn 1.2.3 cpe:2.3:a:tigris:tortoisesvn:1.2.3:*:*:*:*:*:*:*
tigris tortoisesvn 1.2.4 cpe:2.3:a:tigris:tortoisesvn:1.2.4:*:*:*:*:*:*:*
tigris tortoisesvn 1.2.5 cpe:2.3:a:tigris:tortoisesvn:1.2.5:*:*:*:*:*:*:*
tigris tortoisesvn 1.2.6 cpe:2.3:a:tigris:tortoisesvn:1.2.6:*:*:*:*:*:*:*
tigris tortoisesvn 1.3.0 cpe:2.3:a:tigris:tortoisesvn:1.3.0:*:*:*:*:*:*:*
tigris tortoisesvn 1.3.1 cpe:2.3:a:tigris:tortoisesvn:1.3.1:*:*:*:*:*:*:*
tigris tortoisesvn 1.3.2 cpe:2.3:a:tigris:tortoisesvn:1.3.2:*:*:*:*:*:*:*
tigris tortoisesvn 1.3.3 cpe:2.3:a:tigris:tortoisesvn:1.3.3:*:*:*:*:*:*:*
tigris tortoisesvn 1.3.4 cpe:2.3:a:tigris:tortoisesvn:1.3.4:*:*:*:*:*:*:*
tigris tortoisesvn 1.3.5 cpe:2.3:a:tigris:tortoisesvn:1.3.5:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.0 cpe:2.3:a:tigris:tortoisesvn:1.4.0:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.0 cpe:2.3:a:tigris:tortoisesvn:1.4.0:rc1:*:*:*:*:*:*
tigris tortoisesvn 1.4.1 cpe:2.3:a:tigris:tortoisesvn:1.4.1:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.2 cpe:2.3:a:tigris:tortoisesvn:1.4.2:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.3 cpe:2.3:a:tigris:tortoisesvn:1.4.3:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.4 cpe:2.3:a:tigris:tortoisesvn:1.4.4:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.5 cpe:2.3:a:tigris:tortoisesvn:1.4.5:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.6 cpe:2.3:a:tigris:tortoisesvn:1.4.6:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.7 cpe:2.3:a:tigris:tortoisesvn:1.4.7:*:*:*:*:*:*:*
tigris tortoisesvn 1.4.8 cpe:2.3:a:tigris:tortoisesvn:1.4.8:*:*:*:*:*:*:*
tigris tortoisesvn 1.5.0 cpe:2.3:a:tigris:tortoisesvn:1.5.0:*:*:*:*:*:*:*
tigris tortoisesvn 1.5.0 cpe:2.3:a:tigris:tortoisesvn:1.5.0:alpha1:*:*:*:*:*:*

References for CVE-2010-3199

cvelogic Threat Intelligence