Lucene search

[email protected]CVE-2010-3967

HistoryDec 16, 2010 - 7:33 p.m.

CVE-2010-3967

2010-12-1619:33:03

[email protected]

web.nvd.nist.gov

cve-2010-3967

untrusted search path

microsoft

windows movie maker

wmm 2.6

local users

privileges

trojan horse dll

insecure library loading vulnerability.

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.7%

JSON

Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka “Insecure Library Loading Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_movie_makerMatch2.6

AND

microsoftwindows_vistasp1

microsoftwindows_vistasp2

CPENameOperatorVersion
microsoft:windows_movie_makermicrosoft windows movie makereq2.6

CPE	Name	Operator	Version
microsoft:windows_movie_maker	microsoft windows movie maker	eq	2.6

References

secunia.com/advisories/42607

www.securitytracker.com/id?1024875

www.us-cert.gov/cas/techalerts/TA10-348A.html

www.vupen.com/english/advisories/2010/3216

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-093

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12250

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2010-3967

nvd1 openvas2 nessus1 prion1 cvelist1 checkpoint_advisories1 securityvulns1