Vulnerabilities > CVE-2010-3140 - Unspecified vulnerability in Microsoft Windows XP

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

microsoft

critical

exploit available

NVD

Published: 2010-08-27

Updated: 2017-09-19

Summary

Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 - 'Untrusted Search Path Vulnerability'

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows XP *	1

Exploit-Db

description	Windows Internet Communication Settings DLL Hijacking Exploit (schannel.dll). CVE-2010-3140. Local exploit for windows platform
file	exploits/windows/local/14780.c
id	EDB-ID:14780
last seen	2016-02-01
modified	2010-08-25
platform	windows
port
published	2010-08-25
reporter	ALPdaemon
source	https://www.exploit-db.com/download/14780/
title	Windows Internet Communication Settings DLL Hijacking Exploit schannel.dll
type	local

Oval

accepted

2011-05-09T04:01:40.740-04:00

class

vulnerability

contributors

name Preeti Subramanian
organization SecPod Technologies
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment Microsoft Windows XP (x86) SP2 is installed
oval oval:org.mitre.oval:def:754
comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631

description

family

windows

oval:org.mitre.oval:def:6743

status

accepted

submitted

2010-10-04T04:39:22

title

Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 and Windows XP SP2

version

Summary

Vulnerable Configurations

Exploit-Db

Oval

References