CVE-2010-3138
Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
Una vulnerabilidad de ruta (path) de búsqueda no confiable en el Códec Indeo en el archivo iac25_32.ax en Microsoft Windows XP SP3, permite a los usuarios locales alcanzar privilegios por medio de un archivo iacenc.dll de tipo caballo de Troya en el directorio de trabajo actual, como es demostrado por el acceso por medio de BS.Player o Media Player Classic a un directorio que contiene un archivo .avi, .mka, .ra o .ram, también se conoce como "Indeo Codec Insecure Library Loading Vulnerability" NOTA: algunos de estos datos se obtienen de información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-08-25 First Exploit
- 2010-08-27 CVE Reserved
- 2010-08-27 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/67588 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory | |
| http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php | X_refsource_misc | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/14765 | 2010-08-25 | |
| https://www.exploit-db.com/exploits/14788 | 2010-08-25 | |
| http://www.exploit-db.com/exploits/14765 | 2024-08-07 | |
| http://www.exploit-db.com/exploits/14788 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/41114 | 2018-10-12 | |
| http://www.vupen.com/english/advisories/2010/2190 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Media Player Search vendor "Microsoft" for product "Windows Media Player" | * | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Affected
|
| Bsplayer Search vendor "Bsplayer" | Bs.player Search vendor "Bsplayer" for product "Bs.player" | * | - |
Affected
| ||||||