CVE-2010-3138

CVE Database · CVE-2010-3138

CVE-2010-3138

· N/AModified

CVSS v3.1

N/A

EPSS

26.69%

Published

Aug 27, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (3)

All weaponized →

Exploit-DBMedia Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking Exploit-DBMedia Player Classic 6.4.9.1 - 'iacenc.dll' DLL Hijacking TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.

Affected Products (3)

microsoft · windows_media_playervulnerable

microsoft · windows_xpvulnerable

bsplayer · bs.playervulnerable

References (18)

http://osvdb.org/67588

http://secunia.com/advisories/41114

Vendor Advisory

http://www.exploit-db.com/exploits/14765

Exploit

http://www.exploit-db.com/exploits/14788

Exploit