MFC Insecure Library Loading Vulnerability

oval:org.mitre.oval:def:12457

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2010-3190
Product(s):
  • Microsoft Visual Studio 2005
  • Microsoft Visual C++ 2008 Redistributable Package
  • Microsoft Visual Studio 2008
  • Microsoft Visual C++ 2005 Redistributable Package
  • Microsoft Visual Studio 2010
  • Microsoft Visual Studio .NET 2003
  • Microsoft Visual C++ 2010 Redistributable Package