Vulnerabilities > CVE-2010-5082 - Unspecified vulnerability in Microsoft Windows Server 2008
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 |
Msbulletin
bulletin_id | MS12-012 |
bulletin_url | |
date | 2012-02-14T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2643719 |
knowledgebase_url | |
severity | Important |
title | Vulnerability in Color Control Panel Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS12-012.NASL |
description | The remote host contains a version of Windows Color Control Panel that is affected by an insecure library loading vulnerability. A remote attacker could exploit this by tricking a user into opening a .camp, .cdmp, .gmmp, .icc, or .icm file in a directory that also contains a malicious |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 57946 |
published | 2012-02-14 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/57946 |
title | MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) |
code |
|
Oval
accepted | 2012-04-02T04:00:10.497-04:00 | ||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||
description | Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability." | ||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:14446 | ||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||
submitted | 2012-02-14T13:00:00 | ||||||||||||||||||||||||||||
title | Color Control Panel Insecure Library Loading Vulnerability | ||||||||||||||||||||||||||||
version | 73 |