Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2010-3190
HistoryAug 31, 2010 - 8:00 p.m.

CVE-2010-3190

2010-08-3120:00:02
CWE-426
mitre
web.nvd.nist.gov
150
cve
2010
3190
microsoft
foundation class library
visual studio
mfc
vulnerability
local users
privileges
trojan horse

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka β€œMFC Insecure Library Loading Vulnerability.”

Affected configurations

Nvd
Node
appleitunesMatch12.1.3
Node
microsoftvisual_c\+\+Match2005sp1redistributable_package
OR
microsoftvisual_c\+\+Match2008sp1redistributable_package
OR
microsoftvisual_c\+\+Match2010sp1redistributable_package
OR
microsoftvisual_studioMatch2005sp1
OR
microsoftvisual_studioMatch2008sp1
OR
microsoftvisual_studioMatch2010-
OR
microsoftvisual_studio_.netMatch2003sp1
VendorProductVersionCPE
appleitunes12.1.3cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*
microsoftvisual_c\+\+2005cpe:2.3:a:microsoft:visual_c\+\+:2005:sp1:*:*:redistributable_package:*:*:*
microsoftvisual_c\+\+2008cpe:2.3:a:microsoft:visual_c\+\+:2008:sp1:*:*:redistributable_package:*:*:*
microsoftvisual_c\+\+2010cpe:2.3:a:microsoft:visual_c\+\+:2010:sp1:*:*:redistributable_package:*:*:*
microsoftvisual_studio2005cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*
microsoftvisual_studio2008cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
microsoftvisual_studio2010cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*
microsoftvisual_studio_.net2003cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*

Related

mskb 3
hp 1
openvas 5
nvd 1
nessus 4
cvelist 1
checkpoint_advisories 1
mscve 1
prion 1
seebug 1
kaspersky 2
qualysblog 1
threatpost 1
talosblog 1
securityvulns 2
mskb
mskb
MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library could allow remote code execution: April 12, 2011
2011-04-12 00:00:00
MS11-025: Description of the security update for Visual C++ 2010 Service Pack 1: August 9, 2011
2018-10-09 07:00:00
Description of the security update for Microsoft Exchange Server 2013 and 2016: October 9, 2018
2018-10-09 07:00:00
hp
hp
HPSBPI03720 rev. 1 - Software Vulnerability with Certain HP OfficeJet and PageWide Solutions
2021-03-09 00:00:00
openvas
openvas
Microsoft Visual Studio Insecure Library Loading Vulnerability
2010-09-29 00:00:00
Microsoft Visual Studio Insecure Library Loading Vulnerability
2010-09-29 00:00:00
Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
2011-04-13 00:00:00
nvd
nvd
CVE-2010-3190
2010-08-31 20:00:02
nessus
nessus
MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
2011-04-13 00:00:00
Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)
2015-10-26 00:00:00
Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)
2015-09-18 00:00:00
cvelist
cvelist
CVE-2010-3190
2010-08-31 19:25:00
checkpoint_advisories
checkpoint_advisories
Microsoft MFC Insecure Library Loading (CVE-2010-3190)
2018-10-09 00:00:00
mscve
mscve
MFC Insecure Library Loading Vulnerability
2018-10-09 07:00:00
prion
prion
Design/Logic Flaw
2010-08-31 20:00:00
seebug
seebug
Microsoft ATL/MFC跟θΈͺε·₯ε…·'dwmapi.dll' DLLθ£…θ½½δ»»ζ„δ»£η ζ‰§θ‘ŒζΌζ΄ž
2011-06-16 00:00:00
kaspersky
kaspersky
KLA11335 Multiple vulnerabilities in Microsoft Exchange Server
2018-10-09 00:00:00
KLA10669 Multiple vulnerabilities in Apple iTunes
2015-09-16 00:00:00
qualysblog
qualysblog
October 2018 Patch Tuesday – 49 Vulns, Critical browser patches, Hyper-V, Adobe vulns
2018-10-09 18:21:32
threatpost
threatpost
Microsoft Patches Zero-Day Under Active Attack by APT
2018-10-09 21:24:54
talosblog
talosblog
Microsoft Patch Tuesday β€” October 18: Vulnerability disclosures and Snort coverage
2018-10-09 11:38:00
securityvulns
securityvulns
APPLE-SA-2015-09-16-3 iTunes 12.3
2015-10-05 00:00:00
Apple iTunes multiple security vulnerabilities
2015-10-25 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON
Related for CVE-2010-3190
mskb3hp1openvas5nvd1nessus4cvelist1checkpoint_advisories1mscve1prion1seebug1kaspersky2qualysblog1threatpost1talosblog1securityvulns2