Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2010-3138

Published: 27/08/2010 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Windows Media Player

Vulnerability Summary

Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows_media_player

microsoft windows_xp

bsplayer bs.player

Exploits

Exploit DB: Media Player Classic 6.4.9.1 - 'iacenc.dll' DLL Hijacking
/* Media Player Classic 6491 (iacencdll) DLL Hijacking Exploit Vendor: Gabest Product Web Page: sourceforgenet/projects/guliverkli Affected Version: 6491 (revision 73) Summary: Media Player Classic (MPC) is a compact media player for 32-bit Microsoft Windows The application mimics the look and feel of the old, lightweight ...
Exploit DB: Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking
/* Mediaplayer Classic 1321890 Dll Hijack Exploit By: Encrypt3dM!nd Date: 25\8\2010 Download: mpc-hcsourceforgenet/ Details: Compile the following code and rename it to iacencdll and place file with one of the affected types in the same directory of the dll Affected types: m2ts, m2t, flv, hdmov, 3gpp,3gp, mpeg, mp4v, mkv, m2v,rm , r ...

References

NVD-CWE-Otherhttp://secunia.com/advisories/41114http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.phphttp://osvdb.org/67588http://www.exploit-db.com/exploits/14765http://www.exploit-db.com/exploits/14788http://www.vupen.com/english/advisories/2010/2190http://www.us-cert.gov/cas/techalerts/TA12-045A.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014https://nvd.nist.govhttps://www.exploit-db.com/exploits/14788/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook