CVE-2010-3190

CWE-4268 documents7 sources
Severity
9.3CRITICAL
EPSS
46.7%
top 2.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple ItunesMicrosoft Visual C\+\+Microsoft Visual Studio+1 more
Timeline
PublishedAug 31
Latest updateMay 13

Description

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDmicrosoft/visual_studio2005, 2008, 2010+2
NVDmicrosoft/visual_c\+\+2005, 2008, 2010+2
NVDapple/itunes12.1.3

Patches

Patch: docs.microsoft.comPatch: portal.msrc.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-4qmw-vcgw-w2vh: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio2022-05-13
CVEList
CVE-2010-3190: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio2010-08-31

💥Exploits & PoCs

1
Exploit-DB
CA iTechnology iGateway - Debug Mode Buffer Overflow (Metasploit)2010-04-30

📋Vendor Advisories

2
Microsoft
MFC Insecure Library Loading Vulnerability2018-10-09
Apple
CVE-2010-3190: iTunes 12.3

🕵️Threat Intelligence

2
Qualys
October 2018 Patch Tuesday – 49 Vulns, Critical browser patches, Hyper-V, Adobe vulns2018-10-09
Qualys
October 2018 Patch Tuesday – 49 Vulns, Critical browser patches, Hyper-V, Adobe vulns | Qualys2018-10-09
CVE-2010-3190 (CRITICAL CVSS 9.3) | Untrusted search path vulnerability | cvebase.io