Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-025.

Impact

Successful exploitation will let the attacker execute arbitrary code which may result in memory corruption on the affected system. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Insight

A flaw exists in the Microsoft Foundation Class (MFC) Library, when applications built using MFC incorrectly restrict the path used for loading external libraries.

Affected

Microsoft Visual Studio 2010 Microsoft Visual Studio 2005 SP 1 and prior Microsoft Visual Studio 2008 SP 1 and prior Microsoft Visual Studio .NET 2003 SP 1 and prior

References

http://secunia.com/advisories/41212
http://support.microsoft.com/kb/2565057
http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3190
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
Microsoft DirectShow Remote Code Execution Vulnerability (2845187)

Take action and discover your vulnerabilities