CVE-2010-3144

2010-08-2719:00:02

[email protected]

web.nvd.nist.gov

cve-2010-3144

vulnerability

internet connection signup wizard

microsoft windows xp

server 2003

insecure library loading

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.744 High

EPSS

Percentile

98.2%

JSON

Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka “Internet Connection Signup Wizard Insecure Library Loading Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2003sp2

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

CPENameOperatorVersion
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_xpmicrosoft windows xpeq*
microsoft:windows_xpmicrosoft windows xpeq-