Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.902255
Kategorie:Windows
Titel:Microsoft Visual Studio Insecure Library Loading Vulnerability
Zusammenfassung:This host is installed with Microsoft Visual Studio and is prone; to insecure library loading vulnerability.;; This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.900285.
Beschreibung:Summary:
This host is installed with Microsoft Visual Studio and is prone
to insecure library loading vulnerability.

This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.900285.

Vulnerability Insight:
The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe)
loading libraries in an insecure manner. This can be exploited to load
arbitrary libraries by tricking a user into opening a TRC file located on a remote WebDAV or SMB share.

Vulnerability Impact:
Successful exploitation will allow the attackers to execute
arbitrary code and conduct DLL hijacking attacks.

Affected Software/OS:
Microsoft Visual Studio.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3190
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
BugTraq ID: 42811
http://www.securityfocus.com/bid/42811
Cert/CC Advisory: TA11-102A
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
Microsoft Security Bulletin: MS11-025
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457
http://secunia.com/advisories/41212
CopyrightCopyright (C) 2010 SecPod

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.