Microsoft Office Products Insecure Library Loading Vulnerability Network Vulnerability

Summary

This host is installed with microsoft product(s) and is prone to insecure library loading vulnerability.

Impact

Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes mentioned in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms11-055

Insight

The flaw is due to the application insecurely loading certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share.

Affected

Microsoft Visio 2003. Microsoft Office Groove 2007. Microsoft Office PowerPoint 2007/2010.

References

http://www.exploit-db.com/exploits/14723/
http://www.exploit-db.com/exploits/14744/
http://www.exploit-db.com/exploits/14746/
http://www.exploit-db.com/exploits/14782/
http://www.vupen.com/english/advisories/2010/2188
http://www.vupen.com/english/advisories/2010/2192

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3141, CVE-2010-3142, CVE-2010-3146, CVE-2010-3148
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
Microsoft's SQL Server Brute Force
Microsoft's SQL Version Query
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
Microsoft's SQL Blank Password

Take action and discover your vulnerabilities