Microsoft Visual Studio Insecure Library Loading Vulnerability Network Vulnerability

Summary

This host is installed with Microsoft Visual Studio and is prone to insecure library loading vulnerability. This NVT has been replaced by NVT secpod_ms11-025.nasl (OID:1.3.6.1.4.1.25623.1.0.900285).

Impact

Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Insight

The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe) loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a TRC file located on a remote WebDAV or SMB share.

Affected

Microsoft Visual Studio

References

http://secunia.com/advisories/41212

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3190

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
Microsoft Windows Address Book Insecure Library Loading Vulnerability
Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
WS_FTP client weak stored password
Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)

Take action and discover your vulnerabilities