CVE-2010-3145

Description

Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka Backup Manager Insecure Library Loading Vulnerability.

Risk Information

Base Score

7.8

MODERATE

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

13.593

Associated Vulnerability

Vulnerability	OS Platform
Security Update for Windows Vista (KB2478935) x86 based systems	Windows
Security Update for Windows Vista (KB2478935) x86 based systems for SP2	Windows
Security Update for Windows Vista for x64-based Systems (KB2478935)	Windows
Security Update for Windows Vista for x64-based Systems (KB2478935) for SP2	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234