Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-025.

Impact

Successful exploitation will let the attacker execute arbitrary code which may result in memory corruption on the affected system. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Insight

A flaw exists in the Microsoft Foundation Class (MFC) Library, when applications built using MFC incorrectly restrict the path used for loading external libraries.

Affected

Microsoft Visual Studio 2010 Microsoft Visual Studio 2005 SP 1 and prior Microsoft Visual Studio 2008 SP 1 and prior Microsoft Visual Studio .NET 2003 SP 1 and prior

References

http://secunia.com/advisories/41212
http://support.microsoft.com/kb/2565057
http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3190

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Checks for MS HOTFIX for snmp buffer overruns
.NET JIT Compiler Vulnerability
Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
Microsoft Groove Remote Code Execution Vulnerability (2494047)
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)

Take action and discover your vulnerabilities