CVE-2010-3145

Microsoft BitLocker Drive Encryption API - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3145. PoCs published by Beenu Arora.

AI-analyzed exploit summary This exploit leverages DLL hijacking in Microsoft Vista BitLocker Drive Encryption by renaming a malicious DLL to 'fveapi.dll' and placing it in a directory with a '.wbcat' file. The DLL executes arbitrary code (calc.exe) when the vulnerable application loads it.

Description

Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."

Exploits (1)

exploitdb WORKING POC

by Beenu Arora · textlocalwindows

https://www.exploit-db.com/exploits/14751

View Code ZIP pw:eip

This exploit leverages DLL hijacking in Microsoft Vista BitLocker Drive Encryption by renaming a malicious DLL to 'fveapi.dll' and placing it in a directory with a '.wbcat' file. The DLL executes arbitrary code (calc.exe) when the vulnerable application loads it.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Vista BitLocker Drive Encryption

No auth needed

Prerequisites: Ability to place a malicious DLL and a '.wbcat' file in a directory where the vulnerable application searches for DLLs

MITRE ATT&CK