CVE-2010-3190
Description
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka MFC Insecure Library Loading Vulnerability.
Risk Information
Base Score: 9.8 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 46.742
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Visual Studio 2005 Service Pack 1 MFC Security Update(KB2538218) | Windows |
| Microsoft Visual Studio 2008 Service Pack 1 MFC Security Update(KB2538241) | Windows |
| Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update(KB2538242) | Windows |
| Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update (x64)(KB2538242) | Windows |
| Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package MFC Security Update(KB2538243) | Windows |
| Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package MFC Security Update(x64)(KB2538243) | Windows |
| Microsoft Visual Studio 2010 RTM MFC Security Update(KB2542054) | Windows |
| Microsoft Visual C++ 2010 RTM Redistributable MFC Security Update | Windows |
| Microsoft Visual C++ 2010 RTM Redistributable MFC Security Update | Windows |
| Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package MFC Security Update x86 based systems | Windows |
| Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package MFC Security Update x64 based systems | Windows |
| Microsoft Visual Studio 2010 Service Pack 1 MFC Security Update | Windows |
| Vulnerabilities CVE-2010-3190,CVE-2014-3192,CVE-2014-8146 are affected in Apple iTunes (X64) 12.1.3 | Windows |
| Vulnerabilities CVE-2010-3190,CVE-2014-3192,CVE-2014-8146 are affected in Apple iTunes 12.1.3 | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-10041 | Microsoft Visual Studio 2005 Service Pack 1 MFC Security Update(KB2538218) |
| PATCH-10042 | Microsoft Visual Studio 2008 Service Pack 1 MFC Security Update(KB2538241) |
| PATCH-10047 | Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package MFC Security Update(x64)(KB2538243) (Deployment-Only) |
| PATCH-10048 | Microsoft Visual Studio 2010 RTM MFC Security Update(KB2542054) |
| PATCH-12621 | Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package MFC Security Update |
| PATCH-13261 | Microsoft Visual Studio 2010 Service Pack 1 MFC Security Update |