exploitDog

CVE-2010-3966

Опубликовано: 16 дек. 2010

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."

Комментарий

Per: http://cwe.mitre.org/data/definitions/426.html

'CWE-426: Untrusted Search Path'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*

EPSS

Процентиль: 98%

0.47326

Средний

9.3 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-j56w-cmcm-h2h2

github

больше 3 лет назад

Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."

EPSS

Процентиль: 98%

0.47326

Средний

9.3 Critical

CVSS2

Дефекты

NVD-CWE-Other