HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2010-3138

CVSS 9.3v2.0pub. 2010-08-27upd. 2026-04-29

Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.

CVSS Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Bsplayer Bs.player

    APP
    Bsplayer
    wszystkie wersje
  • Microsoft Windows Media Player

    APP
    Microsoft
    wszystkie wersje
  • Microsoft Windows Xp

    OS
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2014-1776CRITICAL9.8⚠ KEVten sam produkt

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute ar...

CVE-2008-4250CRITICAL9.8⚠ KEVten sam produkt

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1,...

CVE-2019-5620CRITICAL9.8ten sam produkt

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical...

CVE-2020-7485CRITICAL9.8ten sam produkt

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and...

CVE-2012-1891CRITICAL9.8ten sam produkt

Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access ...