Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-3138

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2010-3138
Last Modified 18 Jul 2013 11:57:17
Published 27 Aug 2010 03:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-3138

Summary

Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Operating System

  • Microsoft Windows

  • Microsoft Windows Xp

Application

  • Bsplayer Bs.player

  • Microsoft Windows Media Player


References

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php

VUPEN - ADV-2010-2190

EXPLOIT-DB - 14788

EXPLOIT-DB - 14765

SECUNIA - 41114

OSVDB - 67588

MS - MS12-014

CERT - TA12-045A

Related Patches

MS12-014 Security Update for Windows XP (KB2661637)


Last Updated: 27 May 2016 10:57:26