Lucene search

[email protected]NVD:CVE-2010-3965

HistoryDec 16, 2010 - 7:33 p.m.

CVE-2010-3965

2010-12-1619:33:03

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

High

EPSS

0.959

Percentile

99.5%

JSON

Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka “Insecure Library Loading Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_media_encoderMatch9-x86

microsoftwindows_media_encoderMatch9_series

AND

microsoftwindows_server_2003sp2

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

Node

microsoftwindows_media_encoderMatch9-x64

microsoftwindows_media_encoderMatch9_series

AND

microsoftwindows_server_2003sp2

microsoftwindows_server_2008x64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_xpMatch-sp2x64

VendorProductVersionCPE
microsoftwindows_media_encoder9cpe:2.3:a:microsoft:windows_media_encoder:9:-:x86:*:*:*:*:*
microsoftwindows_media_encoder9_seriescpe:2.3:a:microsoft:windows_media_encoder:9_series:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_media_encoder	9	cpe:2.3:a:microsoft:windows_media_encoder:9:-:x86:::::*
microsoft	windows_media_encoder	9_series	cpe:2.3:a:microsoft:windows_media_encoder:9_series:::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::sp2:x32:::::
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*