CVE-2010-3965

3 documents3 sources

Severity

9.3CRITICAL

EPSS

53.7%

top 2.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Media Encoder

Timeline

PublishedDec 16

Latest updateMay 14

Description

Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windows_media_encoder9, 9_series+1

🔴Vulnerability Details

GHSA

GHSA-8f6w-qp5c-mcr7: Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2↗2022-05-14

▶

CVEList

CVE-2010-3965: Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2↗2010-12-16

▶