CVE-2010-3145

Microsoft BitLocker Drive Encryption API - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."

Exploits (1)

exploitdb WORKING POC

by Beenu Arora · textlocalwindows

https://www.exploit-db.com/exploits/14751

View Code ZIP pw:eip

References (6)

Core 6

Core References

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-001

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14751/

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0074

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024948

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA11-011A.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12273

Scores

EPSS 0.1359

EPSS Percentile 94.3%

Details

Status published

Products (1)

microsoft/windows_vista (2 CPE variants)

Published Aug 27, 2010

Tracked Since Feb 18, 2026