Vulnerability CVE-2010-3190 - CERT Civis.Net

Vulnerability Name:

CVE-2010-3190 (CCN-64083)

Assigned:

2010-08-23

Published:

2010-08-23

Updated:

2020-11-16

Summary:

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per "This is a remote code execution vulnerability"
Per: http://cwe.mitre.org/data/definitions/426.html

CWE-426: Untrusted Search Path

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-3190

Source: APPLE
Type: Mailing List, Vendor Advisory
APPLE-SA-2015-09-16-3

Source: CCN
Type: Microsoft Web site
Visual Studio

Source: CCN
Type: SA41212
MS Visual Studio Insecure Library Loading Vulnerability

Source: SECUNIA
Type: Third Party Advisory
41212

Source: CCN
Type: SA44905
Attachmate Reflection X 2011 PKI Services Manager Two Vulnerabilities

Source: CCN
Type: SA46692
Attachmate Reflection Insecure Library Loading Vulnerability

Source: CCN
Type: Attachmate Web Site
Security Updates and Reflection

Source: MISC
Type: Broken Link
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/

Source: BID
Type: Third Party Advisory, VDB Entry
42811

Source: CCN
Type: BID-42811
Microsoft ATL/MFC Trace Tool 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability

Source: CCN
Type: BID-50496
Attachmate Reflection DLL Loading Arbitrary Code Execution Vulnerability

Source: CERT
Type: Third Party Advisory, US Government Resource
TA11-102A

Source: MS
Type: Patch, Vendor Advisory
MS11-025

Source: XF
Type: UNKNOWN
visualstudio-dwmapi-dll-ce(64083)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:12457

Source: CCN
Type: Microsoft Security TechCenter - October 2018
MFC Insecure Library Loading Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/HT205221

Vulnerable Configuration:

Configuration 1:

cpe:/a:apple:itunes:12.1.3:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:microsoft:visual_c++:2005:sp1:*:*:redistributable_package:*:*:*

OR cpe:/a:microsoft:visual_c++:2008:sp1:*:*:redistributable_package:*:*:*

OR cpe:/a:microsoft:visual_c++:2010:sp1:*:*:redistributable_package:*:*:*

OR cpe:/a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:visual_studio:2010:-:*:*:*:*:*:*

OR cpe:/a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:visual_studio:2010:-:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:2016:*:*:*:*:*:*:*

OR cpe:/a:microsoft:exchange_server:2013:*:*:*:*:*:*:*

AND

cpe:/a:attachmate:reflection_for_secure_it:7.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:12457	V	MFC Insecure Library Loading Vulnerability	2015-08-10