| Revision Date: | 2015-08-10 | Version: | 21 | | Title: | Insecure Library Loading Vulnerability | | Description: | Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability." | | Family: | windows | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2010-3965
| | Platform(s): | Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Windows Media Encoder
| | Definition Synopsis | | Windows Media Encoder is installed AND
Windows Media Encoder 9, 32-bit version
Microsoft Windows XP x86, Server 2003 x86/x64, Vista 32-bit/x64, Server 2008 x86/x64
Microsoft Windows XP (32-bit) is installed
OR Microsoft Windows Server 2003 (32-bit) is installed
OR Microsoft Windows Server 2003 (x64) is installed
OR Microsoft Windows Vista (32-bit) is installed
OR Microsoft Windows Vista x64 Edition is installed
OR Microsoft Windows Server 2008 (32-bit) is installed
OR Microsoft Windows Server 2008 (64-bit) is installed
AND the version of Wmenceng.dll is greater than or equal to 9.0.0.0
AND the version of Wmenceng.dll is less than 9.0.0.3374
OR Windows Media Encoder 9, 64-bit version
Microsoft Windows XP x64, Server 2003 x64, Vista x64, Server 2008 x64
Microsoft Windows XP x64 is installed
OR Microsoft Windows Server 2003 (x64) is installed
OR Microsoft Windows Vista x64 Edition is installed
OR Microsoft Windows Server 2008 (64-bit) is installed
AND the version of Wmenceng.dll is greater than or equal to 10.0.0.0
AND the version of Wmenceng.dll is less than 10.0.0.3822
|
|