Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-4qmw-vcgw-w2vh

Опубликовано: 13 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

Ссылки

EPSS

Процентиль: 98%
0.50112
Средний

CVE ID

CVE-2010-3190

Дефекты

CWE-426

Связанные уязвимости

nvd логотип

CVE-2010-3190

nvd
почти 15 лет назад

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

msrc логотип

CVE-2010-3190

msrc
больше 6 лет назад

MFC Insecure Library Loading Vulnerability

fstec логотип

BDU:2019-00031

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость библиотеки Microsoft Foundation Classes (MFC) почтового сервера Microsoft Exchange Server, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 98%
0.50112
Средний

CVE ID

CVE-2010-3190

Дефекты

CWE-426