|
|
|||
| Rule General Information |
|---|
| Release Date: | 2012-12-04 | |
| Rule Name: | EXPLOIT Microsoft Visual Studio MFC Insecure Library Loading Vulnerability -1 (CVE-2010-3190) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), aka "MFC Insecure Library Loading Vulnerability." | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx SecurityFocusBID:42811 |
|
| Solutions |
|---|
| Microsoft has released a patch MS11-025 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx |