| ID |
CVE-2010-3190
|
| Summary |
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html
CWE-426: Untrusted Search Path |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1:*:*:redistributable_package:*:*:*
cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1:*:*:redistributable_package:*:*:*
-
cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1:*:*:redistributable_package:*:*:*
cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1:*:*:redistributable_package:*:*:*
-
cpe:2.3:a:microsoft:visual_c\+\+:2010:sp1:*:*:redistributable_package:*:*:*
cpe:2.3:a:microsoft:visual_c\+\+:2010:sp1:*:*:redistributable_package:*:*:*
-
cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 16-11-2020 - 19:33) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-426 |
| CAPEC |
-
Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS11-025 | | bulletin_url | | | date | 2011-04-12T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 2500212 | | knowledgebase_url | | | severity | Important | | title | Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution |
|
| oval
via4
|
| accepted | 2015-08-10T04:00:14.558-04:00 | | class | vulnerability | | contributors | | name | Dragos Prisaca | | organization | Symantec Corporation |
| name | Dragos Prisaca | | organization | Symantec Corporation |
| name | Dragos Prisaca | | organization | Symantec Corporation |
| name | Dragos Prisaca | | organization | G2, Inc. |
| name | Maria Kedovskaya | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| name | Maria Mikhno | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Microsoft Visual Studio .NET 2003 SP1 is installed | | oval | oval:org.mitre.oval:def:168 |
| comment | Microsoft Visual Studio 2005 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:6401 |
| comment | Microsoft Visual Studio 2008 is installed | | oval | oval:org.mitre.oval:def:5401 |
| comment | Microsoft Visual Studio 2010 is installed | | oval | oval:org.mitre.oval:def:7533 |
| comment | Microsoft Visual C++ 2005 Redistributable Package is installed | | oval | oval:org.mitre.oval:def:29007 |
| comment | Microsoft Visual C++ 2008 Redistributable Package is installed | | oval | oval:org.mitre.oval:def:28587 |
| comment | Microsoft Visual C++ 2010 Redistributable Package is installed | | oval | oval:org.mitre.oval:def:29127 |
| | description | Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:12457 | | status | accepted | | submitted | 2011-04-12T13:00:00 | | title | MFC Insecure Library Loading Vulnerability | | version | 85 |
|
| refmap
via4
|
|
| Last major update |
16-11-2020 - 19:33 |
| Published |
31-08-2010 - 20:00 |
| Last modified |
16-11-2020 - 19:33 |
