CVE-2011-0032

2011-03-0923:00:01

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0.288

Percentile

96.9%

JSON

Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka “DirectShow Insecure Library Loading Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_7Match-

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_server_2008Matchr2x64

microsoftwindows_vistasp1

microsoftwindows_vistasp2

Node

microsoftwindows_media_center_tv_pack

AND

microsoftwindows_vistax32

microsoftwindows_vistax64

VendorProductVersionCPE
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
microsoftwindows_media_center_tv_pack*cpe:2.3:a:microsoft:windows_media_center_tv_pack:*:*:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:x32:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:::::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2::x64:::::
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::sp2::::::*
microsoft	windows_media_center_tv_pack	*	cpe:2.3:a:microsoft:windows_media_center_tv_pack::::::::
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista:::x32:::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista:::x64:::::*