9.3

CVE-2010-3124

Exploit
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located in the same folder as a .mp3 file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VideolanVlc Media Player Version <= 1.1.3
VideolanVlc Media Player Version0.1.99b
VideolanVlc Media Player Version0.1.99e
VideolanVlc Media Player Version0.1.99f
VideolanVlc Media Player Version0.1.99g
VideolanVlc Media Player Version0.1.99h
VideolanVlc Media Player Version0.1.99i
VideolanVlc Media Player Version0.2.0
VideolanVlc Media Player Version0.2.60
VideolanVlc Media Player Version0.2.61
VideolanVlc Media Player Version0.2.62
VideolanVlc Media Player Version0.2.63
VideolanVlc Media Player Version0.2.70
VideolanVlc Media Player Version0.2.71
VideolanVlc Media Player Version0.2.72
VideolanVlc Media Player Version0.2.73
VideolanVlc Media Player Version0.2.80
VideolanVlc Media Player Version0.2.81
VideolanVlc Media Player Version0.2.82
VideolanVlc Media Player Version0.2.83
VideolanVlc Media Player Version0.2.90
VideolanVlc Media Player Version0.2.91
VideolanVlc Media Player Version0.2.92
VideolanVlc Media Player Version0.3.0
VideolanVlc Media Player Version0.3.1
VideolanVlc Media Player Version0.4.0
VideolanVlc Media Player Version0.4.1
VideolanVlc Media Player Version0.4.2
VideolanVlc Media Player Version0.4.3
VideolanVlc Media Player Version0.4.4
VideolanVlc Media Player Version0.4.5
VideolanVlc Media Player Version0.4.6
VideolanVlc Media Player Version0.5.0
VideolanVlc Media Player Version0.5.1
VideolanVlc Media Player Version0.5.2
VideolanVlc Media Player Version0.5.3
VideolanVlc Media Player Version0.6.0
VideolanVlc Media Player Version0.6.1
VideolanVlc Media Player Version0.6.2
VideolanVlc Media Player Version0.7.0
VideolanVlc Media Player Version0.7.2
VideolanVlc Media Player Version0.8.0
VideolanVlc Media Player Version0.8.1
VideolanVlc Media Player Version0.8.2
VideolanVlc Media Player Version0.8.4
VideolanVlc Media Player Version0.8.5
VideolanVlc Media Player Version0.8.6
VideolanVlc Media Player Version0.9.2
VideolanVlc Media Player Version0.9.3
VideolanVlc Media Player Version0.9.4
VideolanVlc Media Player Version0.9.5
VideolanVlc Media Player Version0.9.6
VideolanVlc Media Player Version0.9.8a
VideolanVlc Media Player Version0.9.9
VideolanVlc Media Player Version0.9.10
VideolanVlc Media Player Version1.0.0
VideolanVlc Media Player Version1.0.1
VideolanVlc Media Player Version1.0.2
VideolanVlc Media Player Version1.0.3
VideolanVlc Media Player Version1.0.4
VideolanVlc Media Player Version1.0.5
VideolanVlc Media Player Version1.0.6
VideolanVlc Media Player Version1.1.0
VideolanVlc Media Player Version1.1.1
VideolanVlc Media Player Version1.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.51% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.videolan.org/?p=vlc/vlc-1.1.git%3Ba=blobdiff%3Bf=bin/winvlc.c%3Bh=ac9b97ca9f5f9ba001f13bf61eb5127a1c1dbcbf%3Bhp=2d09cba320e3b0def7069ce1ebab25d1340161c5%3Bhb=43a31df56c37bd62c691cdbe3c1f11babd164b56%3Bhpb=2d366da738b19f8d761d7084746c6db6f52808c6
http://secunia.com/advisories/41107
Vendor Advisory
http://www.exploit-db.com/exploits/14750
Exploit
http://www.openwall.com/lists/oss-security/2010/08/25/10
http://www.openwall.com/lists/oss-security/2010/08/25/9
Patch
http://www.vupen.com/english/advisories/2010/2172
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12190