ID CVE-2010-3145
Summary Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
CVSS
Base: 9.3 (as of 30-08-2010 - 10:02)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Microsoft Vista BitLocker Drive Encryption API Hijacking Exploit (fveapi.dll). CVE-2010-3145. Local exploit for windows platform
file exploits/windows/local/14751.txt
id EDB-ID:14751
last seen 2016-02-01
modified 2010-08-25
platform windows
port
published 2010-08-25
reporter Beenu Arora
source https://www.exploit-db.com/download/14751/
title Microsoft Vista - BitLocker Drive Encryption API Hijacking Exploit fveapi.dll
type local
msbulletin via4
bulletin_id MS11-001
bulletin_url
date 2011-01-11T00:00:00
impact Remote Code Execution
knowledgebase_id 2478935
knowledgebase_url
severity Important
title Vulnerability in Windows Backup Manager Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS11-001.NASL
description The remote Windows host contains a version of the Windows Backup Manager that incorrectly restricts the path used for loading external libraries. If an attacker can trick a user into opening a specially crafted Windows Backup manager file that is located in the same network directory as a specially crafted dynamic link library file, he may be able to leverage this issue to execute arbitrary code subject to the user's privileges.
last seen 2019-02-21
modified 2018-11-15
plugin id 51454
published 2011-01-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=51454
title MS11-001: Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
oval via4
accepted 2014-03-03T04:00:21.355-05:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
description Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:12273
status accepted
submitted 2011-01-11T13:00:00
title Backup Manager Insecure Library Loading Vulnerability
version 71
refmap via4
cert TA11-011A
exploit-db 14751
ms MS11-001
sectrack 1024948
vupen ADV-2011-0074
Last major update 20-07-2011 - 00:00
Published 27-08-2010 - 15:00
Last modified 12-10-2018 - 17:58
Back to Top