Untrusted Search Path Vulnerability in Microsoft Windows Movie Maker
CVE-2010-3967

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Movie Maker
Vendor: CVE Published:; 16 December 2010

What is CVE-2010-3967?

The untrusted search path vulnerability in Microsoft Windows Movie Maker 2.6 allows local users to execute Trojan horse DLLs located within the current working directory. This can lead to unauthorized privilege escalation when a crafted Movie Maker project file (MSWMM) is accessed, enabling an attacker to execute malicious code. Users should ensure that they handle files securely and implement proper security measures to prevent exploitation of this vulnerability.

References

http://www.us-cert.gov/cas/techalerts/TA10-348A.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/42607

third-party-advisoryx_refsource_SECUNIA

EPSS Score

47% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2010
Vulnerability Reserved
Oct 14, 2010