ID CVE-2010-3148
Summary Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visio:2003:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:58)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-02-11T04:03:45.086-05:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Microsoft Office Visio 2003 is installed
oval oval:org.mitre.oval:def:1450
description Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:7122
status accepted
submitted 2010-10-08T04:21:55
title Untrusted search path vulnerability in Microsoft Visio 2003
version 10
refmap via4
cert TA11-193A
exploit-db 14744
ms MS11-055
vupen ADV-2010-2192
Last major update 12-10-2018 - 21:58
Published 27-08-2010 - 19:00
Back to Top