| ID |
CVE-2010-3145
|
| Summary |
Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 12-10-2018 - 21:58) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS11-001 | | bulletin_url | | | date | 2011-01-11T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 2478935 | | knowledgebase_url | | | severity | Important | | title | Vulnerability in Windows Backup Manager Could Allow Remote Code Execution |
|
| oval
via4
|
| accepted | 2014-03-03T04:00:21.355-05:00 | | class | vulnerability | | contributors | | name | Josh Turpin | | organization | Symantec Corporation |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Microsoft Windows Vista (32-bit) Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:4873 |
| comment | Microsoft Windows Vista x64 Edition Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:5254 |
| comment | Microsoft Windows Vista (32-bit) Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:6124 |
| comment | Microsoft Windows Vista x64 Edition Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:5594 |
| | description | Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:12273 | | status | accepted | | submitted | 2011-01-11T13:00:00 | | title | Backup Manager Insecure Library Loading Vulnerability | | version | 78 |
|
| refmap
via4
|
| cert | TA11-011A | | exploit-db | 14751 | | sectrack | 1024948 | | vupen | ADV-2011-0074 |
|
| Last major update |
12-10-2018 - 21:58 |
| Published |
27-08-2010 - 19:00 |
| Last modified |
12-10-2018 - 21:58 |
