CVE-2010-5082

2012-01-1719:55:00

microsoft

web.nvd.nist.gov

cve-2010-5082

untrusted search path vulnerability

colorcpl.exe

microsoft windows server 2008

local privilege escalation

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.796

Percentile

98.4%

JSON

Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka “Color Control Panel Insecure Library Loading Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_server_2008sp2

microsoftwindows_server_2008Match-sp2

VendorProductVersionCPE
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*
microsoft	windows_server_2008	-	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::