ID CVE-2010-3966
Summary Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Windows Server 2008 R2 for Itanium-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:itanium
  • Windows Server 2008 R2 for 32-bit Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64
CVSS
Base: 9.3 (as of 17-12-2010 - 13:51)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS10-095
bulletin_url
date 2010-12-14T00:00:00
impact Remote Code Execution
knowledgebase_id 2385678
knowledgebase_url
severity Important
title Vulnerability in Microsoft Windows Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS10-095.NASL
description The remote Windows host contains a version of Windows BranchCache that incorrectly restricts the path used for loading external libraries. If an attacker can trick a user on the affected system into opening a specially crafted file (eg, .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer)) that is located in the same network directory as a specially crafted dynamic link library (DLL) file, he may be able to leverage this issue to execute arbitrary code subject to the user's privileges.
last seen 2019-02-21
modified 2018-11-15
plugin id 51167
published 2010-12-15
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=51167
title MS10-095: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
oval via4
accepted 2012-03-26T04:00:56.276-04:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Dragos Prisaca
    organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
description Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:12163
status accepted
submitted 2010-06-08T13:00:00
title BranchCache Insecure Library Loading Vulnerability
version 72
refmap via4
bid 45295
cert TA10-348A
ms MS10-095
osvdb 69816
sectrack 1024877
secunia 42609
vupen ADV-2010-3218
Last major update 28-07-2011 - 00:00
Published 16-12-2010 - 14:33
Last modified 30-10-2018 - 12:27
Back to Top