Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3148Microsoft Visio vulnerability

5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
26.5%
top 3.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Visio
Timeline
PublishedAug 27
Latest updateMay 14

Description

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/visio2003

🔴Vulnerability Details

2
GHSA
GHSA-q395-pc7p-84w6: Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu2022-05-14
CVEList
CVE-2010-3148: Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu2010-08-27

💥Exploits & PoCs

1
Exploit-DB
Microsoft Visio 2003 - 'mfc71enu.dll' DLL Hijacking2010-08-25

🔍Detection Rules

1
Suricata
ET WEB_CLIENT Microsoft Visio 2003 mfc71enu.dll DLL Loading Arbitrary Code Execution Attempt2011-07-27
CVE-2010-3148 — Microsoft Visio vulnerability | cvebase