CVE-2010-3965

Name of the Vulnerable Software and Affected Versions Windows Media Encoder 9 versions on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. This can be demonstrated by a directory that contains a Windows Media Profile (PRX) file. The problem is related to an untrusted search path vulnerability, also referred to as an "Insecure Library Loading Vulnerability."

Recommendations For Windows Media Encoder 9 on the affected Microsoft Windows versions, consider restricting access to the current working directory to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.