Microsoft Windows Server 2008 Color Control Panel untrusted search path
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.3 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Microsoft Windows Server 2008 (Operating System). This vulnerability affects an unknown code of the component Color Control Panel. The CWE definition for the vulnerability is CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. As an impact it is known to affect confidentiality, and integrity. CVE summarizes:
Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
The weakness was shared 10/18/2010 by Haifei Li (shinnai) as MS12-012 (Website). The advisory is shared for download at shinnai.altervista.org. The public release happened without coordination with the vendor. This vulnerability was named CVE-2010-5082 since 01/16/2012. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details are unknown but a public exploit is available. The MITRE ATT&CK project declares the attack technique as T1574.
It is declared as proof-of-concept. As 0-day the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 57946 (MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins.
Upgrading eliminates this vulnerability. A possible mitigation has been published 2 years after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 12062.
The vulnerability is also documented in the databases at X-Force (72838) and Tenable (57946). The entries 4202, 4207 and 4201 are related to this item.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.8VulDB Meta Temp Score: 4.3
VulDB Base Score: 4.8
VulDB Temp Score: 4.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Untrusted search pathCWE: CWE-426
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 57946
Nessus Name: MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 802383
OpenVAS Name: Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
Fortigate IPS: 🔍
Timeline
10/18/2010 🔍10/18/2010 🔍
10/18/2010 🔍
10/18/2010 🔍
10/19/2010 🔍
10/19/2010 🔍
01/16/2012 🔍
01/17/2012 🔍
02/14/2012 🔍
02/14/2012 🔍
02/14/2012 🔍
03/18/2021 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS12-012
Researcher: Haifei Li (shinnai)
Status: Confirmed
CVE: CVE-2010-5082 (🔍)
OVAL: 🔍
IAVM: 🔍
X-Force: 72838
SecurityTracker: 1026682 - Windows Color Control Panel DLL Loading Error Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 27765 - [MS12-012] Windows Server 2008 Enterprise SP2 Color Control Panel DLL Remote Code Execution, Medium
SecurityFocus: 44157 - Windows Server 2008 Color Control Panel DLL Loading Arbitrary Code Execution Vulnerability
Secunia: 41874 - Windows Server 2008 Color Control Panel Insecure Library Loading Vulnerability, Highly Critical
OSVDB: 68918 - Windows Server 2008 Color Control Panel Path Subversion Arbitrary DLL Injection Code Execution
scip Labs: https://www.scip.ch/en/?labs.20140213
See also: 🔍
Entry
Created: 10/19/2010 02:00Updated: 03/18/2021 13:03
Changes: 10/19/2010 02:00 (91), 04/07/2017 12:38 (12), 03/18/2021 12:57 (3), 03/18/2021 13:03 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.