CVE-2010-3144
Microsoft Internet Connection Signup Wizard - 'smmscrpt.dll' DLL Hijacking
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
La vulnerabilidad de ruta de búsqueda no confiable en el Asistente de Registro de Conexión a Internet en Microsoft Windows XP SP2 y SP3 y Server 2003 SP2 permite a los usuarios locales alcanzar privilegios por medio de la biblioteca smmscrpt.dll de tipo caballo de Troya en el directorio de trabajo actual, como es demostrado por un directorio que contiene un archivo ISP o INS, también se conoce como "Internet Connection Signup Wizard Insecure Library Loading Vulnerability".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-08-25 First Exploit
- 2010-08-27 CVE Reserved
- 2010-08-27 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1024879 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA10-348A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11993 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/14754 | 2010-08-25 | |
| http://www.exploit-db.com/exploits/14754 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-097 | 2019-02-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2, x64 |
Affected
| ||||||