CVE-2010-3138
CVE-2010-3138
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/14765unverifiedcve_referencewww.exploit-db.com/exploits/14788unverifiedexploitdbwww.exploit-db.com/exploits/14765unverifiedexploitdbwww.exploit-db.com/exploits/14788unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/67588https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014http://secunia.com/advisories/41114https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132http://www.exploit-db.com/exploits/14765http://www.exploit-db.com/exploits/14788http://www.us-cert.gov/cas/techalerts/TA12-045A.htmlhttp://www.vupen.com/english/advisories/2010/2190http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php