CVE-2010-3138

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP3

Description The issue allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory. This can be demonstrated by access through media players to a directory containing specific file types, such as .avi, .mka, .ra, or .ram files. A remote code execution vulnerability exists in the way the Indeo Codec handles the loading of DLL files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows XP SP3, consider restricting access to the Indeo Codec or avoiding the use of potentially vulnerable media players until a fix is available. As a temporary workaround, users should be cautious of directories containing .avi, .mka, .ra, or .ram files and avoid using them with media players that could trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.