Microsoft Visual Studio Insecure Library Loading Vulnerability Network Vulnerability

Summary

This host is installed with Microsoft Visual Studio and is prone to insecure library loading vulnerability. This NVT has been replaced by NVT secpod_ms11-025.nasl (OID:1.3.6.1.4.1.25623.1.0.900285).

Impact

Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx

Insight

The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe) loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a TRC file located on a remote WebDAV or SMB share.

Affected

Microsoft Visual Studio

References

http://secunia.com/advisories/41212

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3190
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft's SQL Server Brute Force
Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
Microsoft Office Products Insecure Library Loading Vulnerability
Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability

Take action and discover your vulnerabilities