Vulnerability Details CVE-2010-3138
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.475
EPSS Ranking 97.5%
CVSS Severity
CVSS v2 Score 9.3
References
- http://osvdb.org/67588
- http://secunia.com/advisories/41114
- http://www.exploit-db.com/exploits/14765
- http://www.exploit-db.com/exploits/14788
- http://www.us-cert.gov/cas/techalerts/TA12-045A.html
- http://www.vupen.com/english/advisories/2010/2190
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132
- http://osvdb.org/67588
- http://secunia.com/advisories/41114
- http://www.exploit-db.com/exploits/14765
- http://www.exploit-db.com/exploits/14788
- http://www.us-cert.gov/cas/techalerts/TA12-045A.html
- http://www.vupen.com/english/advisories/2010/2190
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132
Products affected by CVE-2010-3138
-
cpe:2.3:a:bsplayer:bs.player:*
-
cpe:2.3:a:microsoft:windows_media_player:-
-
cpe:2.3:a:microsoft:windows_media_player:10
-
cpe:2.3:a:microsoft:windows_media_player:10.00.00.3646
-
cpe:2.3:a:microsoft:windows_media_player:10.00.00.3990
-
cpe:2.3:a:microsoft:windows_media_player:10.00.00.4019
-
cpe:2.3:a:microsoft:windows_media_player:10.00.00.4036
-
cpe:2.3:a:microsoft:windows_media_player:11
-
cpe:2.3:a:microsoft:windows_media_player:11.0.5721.5145
-
cpe:2.3:a:microsoft:windows_media_player:11.0.5721.5230
-
cpe:2.3:a:microsoft:windows_media_player:11.0.6000.6324
-
cpe:2.3:a:microsoft:windows_media_player:12
-
cpe:2.3:a:microsoft:windows_media_player:6.3
-
cpe:2.3:a:microsoft:windows_media_player:6.4
-
cpe:2.3:a:microsoft:windows_media_player:7
-
cpe:2.3:a:microsoft:windows_media_player:7.1
-
cpe:2.3:a:microsoft:windows_media_player:8
-
cpe:2.3:a:microsoft:windows_media_player:8.00.00.4477
-
cpe:2.3:a:microsoft:windows_media_player:9
-
cpe:2.3:a:microsoft:windows_media_player:9.00.00.2980
-
cpe:2.3:a:microsoft:windows_media_player:9.00.00.3250
-
cpe:2.3:a:microsoft:windows_media_player:9.00.00.3349
-
cpe:2.3:a:microsoft:windows_media_player:xp
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:unknown