{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T01:47:32.177","vulnerabilities":[{"cve":{"id":"CVE-2010-3967","sourceIdentifier":"secure@microsoft.com","published":"2010-12-16T19:33:03.473","lastModified":"2025-04-11T00:51:21.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka \"Insecure Library Loading Vulnerability.\""},{"lang":"es","value":"Vulnerabilidad de ruta de búsqueda no confiable en Microsoft Windows Movie Maker (WMM) v2.6 permite a usuarios locales conseguir privilegios a través de un archivo DLL caballo de Troya en el directorio de trabajo actual, como se demostró con un directorio que contiene un archivo Movie Maker (MSWMM), también conocido como \"Vulnerabilidad de Biblioteca de carga Insegura\"."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:windows_movie_maker:2.6:*:*:*:*:*:*:*","matchCriteriaId":"C565CC12-F05A-4E6E-90D5-823D7FF0A486"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*","matchCriteriaId":"C162FFF0-1E8F-4DCF-A08F-6C6E324ED878"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0A0D2704-C058-420B-B368-372D1129E914"}]}]}],"references":[{"url":"http://secunia.com/advisories/42607","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id?1024875","source":"secure@microsoft.com"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-348A.html","source":"secure@microsoft.com","tags":["US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2010/3216","source":"secure@microsoft.com","tags":["Vendor Advisory"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-093","source":"secure@microsoft.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12250","source":"secure@microsoft.com"},{"url":"http://secunia.com/advisories/42607","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id?1024875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-348A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2010/3216","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-093","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12250","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorComment":"Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'","evaluatorImpact":"Per: http://www.microsoft.com/technet/security/Bulletin/MS10-093.mspx\r\n\r\n'This is a remote code execution vulnerability.'"}}]}