CVE-2010-3138

2010-08-2719:00:01

mitre

web.nvd.nist.gov

108

cve-2010-3138

indeo codec

untrusted search path vulnerability

windows xp

sp3

privilege escalation

iac25_32.ax

iacenc.dll

security vulnerability

nvd

microsoft

bs.player

media player classic

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.97

Percentile

99.8%

JSON

Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka “Indeo Codec Insecure Library Loading Vulnerability.” NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

microsoftwindows_media_player

AND

microsoftwindows_xpsp3

Node

bsplayerbs.player

VendorProductVersionCPE
microsoftwindows_media_player*cpe:2.3:a:microsoft:windows_media_player:*:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
bsplayerbs.player*cpe:2.3:a:bsplayer:bs.player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_media_player	*	cpe:2.3:a:microsoft:windows_media_player::::::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
bsplayer	bs.player	*	cpe:2.3:a:bsplayer:bs.player::::::::