Microsoft Visual Studio Insecure Library Loading Vulnerability Network Vulnerability

Summary

This host is installed with Microsoft Visual Studio and is prone to insecure library loading vulnerability. This NVT has been replaced by NVT secpod_ms11-025.nasl (OID:1.3.6.1.4.1.25623.1.0.900285).

Impact

Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Insight

The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe) loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a TRC file located on a remote WebDAV or SMB share.

Affected

Microsoft Visual Studio

References

http://secunia.com/advisories/41212

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3190

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)
Microsoft Visual Studio Insecure Library Loading Vulnerability
Adobe Flash Player Remote Code Execution Vulnerability (WinXP)
Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability

Take action and discover your vulnerabilities