Vulnerability-Lookup

CVE-2010-3190 (GCVE-0-2010-3190)

Vulnerability from cvelistv5 – Published: 2010-08-31 19:25 – Updated: 2024-08-07 03:03

Summary

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://support.apple.com/HT205221	x_refsource_CONFIRM
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	http://secunia.com/advisories/41212	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	third-party-advisoryx_refsource_CERT
	http://www.corelan.be:8800/index.php/2010/08/25/d…	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/42811	vdb-entryx_refsource_BID
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:18.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
          },
          {
            "name": "41212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41212"
          },
          {
            "name": "TA11-102A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
          },
          {
            "name": "oval:org.mitre.oval:def:12457",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
          },
          {
            "name": "MS11-025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
          },
          {
            "name": "42811",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/42811"
          },
          {
            "name": "APPLE-SA-2015-09-16-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
        },
        {
          "name": "41212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41212"
        },
        {
          "name": "TA11-102A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
        },
        {
          "name": "oval:org.mitre.oval:def:12457",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
        },
        {
          "name": "MS11-025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
        },
        {
          "name": "42811",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/42811"
        },
        {
          "name": "APPLE-SA-2015-09-16-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205221",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205221"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
            },
            {
              "name": "41212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41212"
            },
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
              "refsource": "MISC",
              "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
            },
            {
              "name": "oval:org.mitre.oval:def:12457",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
            },
            {
              "name": "MS11-025",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
            },
            {
              "name": "42811",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/42811"
            },
            {
              "name": "APPLE-SA-2015-09-16-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3190",
    "datePublished": "2010-08-31T19:25:00.000Z",
    "dateReserved": "2010-08-31T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:03:18.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2010-3190

Vulnerability from fkie_nvd - Published: 2010-08-31 20:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Mailing List, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/41212	Third Party Advisory
cve@mitre.org	http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/42811	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	Third Party Advisory, US Government Resource
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457	Third Party Advisory
cve@mitre.org	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190	Patch, Vendor Advisory
cve@mitre.org	https://support.apple.com/HT205221	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41212	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/42811	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205221	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	itunes	12.1.3
microsoft	visual_c\+\+	2005
microsoft	visual_c\+\+	2008
microsoft	visual_c\+\+	2010
microsoft	visual_studio	2005
microsoft	visual_studio	2008
microsoft	visual_studio	2010
microsoft	visual_studio_.net	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4354E6D0-5AA8-4F1B-BD3B-1B66ABD062A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "619BEBC1-9B3B-47B6-A0FC-E77084D57784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "F5719E28-6122-4BCA-91B7-E9709DA5A891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "A04EBB20-FC22-4482-861F-774853382E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DFC93-9533-4893-B634-0551CDE7D252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no fiable en Microsoft Foundation Class (MFC) Library en Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1 y 2010; Visual C++ 2005 SP1, 2008 SP1 y 2010 y Exchange Server 2010 Service Pack 3, 2013 y 2013 permite que usuarios locales obtengan privilegios mediante un archivo troyano dwmapi.dll en el directorio de trabajo actual durante la ejecuci\u00f3n de una aplicaci\u00f3n MFC como AtlTraceTool8.exe (tambi\u00e9n conocida como ATL MFC Trace Tool), tal y como queda demostrado con un directorio que contiene archivos TRC, cur, rs, rct o res. Esto tambi\u00e9n se conoce como \"MFC Insecure Library Loading Vulnerability\"."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\nCWE-426: Untrusted Search Path",
  "evaluatorImpact": "Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per \"This is a remote code execution vulnerability\"",
  "id": "CVE-2010-3190",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-31T20:00:02.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205221"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-208

Vulnerability from certfr_avis - Published: 2011-04-13 - Updated: 2011-04-13

Une vulnérabilité dans le chargement des bibliothèques dynamiques par la bibliothèque MFC permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

La manière dont la MFC gère le chargement des bibliothèques dynamiques est exploitable par un utilisateur malveillant pour exécuter du code arbitraire à distance. Cette vulnérabilité est décrite dans le bulletin d'actualité CERTA-2010-ACT-034 (cf. section Documentation).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Visual Studio, toutes les éditions ;
Microsoft Visual C++ Redistributable Package, toutes les éditions.

Des applications construites à partir de ces produits sont vulnérables.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS11-025 du 12 avril 2011	None	vendor-advisory
Document du CERTA CERTA-2010-ACT-034 du 26 août 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Visual Studio, toutes les \u00e9ditions\u0026nbsp;;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Visual C++ Redistributable Package, toutes les    \u00e9ditions.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eDes applications construites \u00e0 partir de ces produits sont  vuln\u00e9rables.\u003c/P\u003e",
  "content": "## Description\n\nLa mani\u00e8re dont la MFC g\u00e8re le chargement des biblioth\u00e8ques dynamiques\nest exploitable par un utilisateur malveillant pour ex\u00e9cuter du code\narbitraire \u00e0 distance. Cette vuln\u00e9rabilit\u00e9 est d\u00e9crite dans le bulletin\nd\u0027actualit\u00e9 CERTA-2010-ACT-034 (cf. section Documentation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3190"
    }
  ],
  "initial_release_date": "2011-04-13T00:00:00",
  "last_revision_date": "2011-04-13T00:00:00",
  "links": [
    {
      "title": "Document du CERTA CERTA-2010-ACT-034 du 26 ao\u00fbt 2010 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-ACT-034/index.html"
    }
  ],
  "reference": "CERTA-2011-AVI-208",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le chargement des biblioth\u00e8ques dynamiques par la\nbiblioth\u00e8que MFC permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans la biblioth\u00e8que MFC",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-025 du 12 avril 2011",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx"
    }
  ]
}

CERTFR-2015-AVI-398

Vulnerability from certfr_avis - Published: 2015-09-18 - Updated: 2015-09-18

De multiples vulnérabilités ont été corrigées dans Apple iTunes. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple iTunes version antérieure à 12.3

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205221 du 16 septembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple iTunes version ant\u00e9rieure \u00e0 12.3\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3687"
    },
    {
      "name": "CVE-2015-3686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3686"
    },
    {
      "name": "CVE-2015-5817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5817"
    },
    {
      "name": "CVE-2015-3743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3743"
    },
    {
      "name": "CVE-2015-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5793"
    },
    {
      "name": "CVE-2015-3734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3734"
    },
    {
      "name": "CVE-2015-5816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5816"
    },
    {
      "name": "CVE-2015-5797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5797"
    },
    {
      "name": "CVE-2015-5815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5815"
    },
    {
      "name": "CVE-2015-3733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3733"
    },
    {
      "name": "CVE-2015-5792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5792"
    },
    {
      "name": "CVE-2015-5798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5798"
    },
    {
      "name": "CVE-2015-3744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3744"
    },
    {
      "name": "CVE-2015-5808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5808"
    },
    {
      "name": "CVE-2015-5822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5822"
    },
    {
      "name": "CVE-2015-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3749"
    },
    {
      "name": "CVE-2015-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3731"
    },
    {
      "name": "CVE-2015-3745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3745"
    },
    {
      "name": "CVE-2015-1152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1152"
    },
    {
      "name": "CVE-2015-3746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3746"
    },
    {
      "name": "CVE-2015-5874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
    },
    {
      "name": "CVE-2015-5789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5789"
    },
    {
      "name": "CVE-2015-3730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3730"
    },
    {
      "name": "CVE-2015-5806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5806"
    },
    {
      "name": "CVE-2015-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3738"
    },
    {
      "name": "CVE-2015-5805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5805"
    },
    {
      "name": "CVE-2015-5811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5811"
    },
    {
      "name": "CVE-2015-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1153"
    },
    {
      "name": "CVE-2015-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3747"
    },
    {
      "name": "CVE-2015-3740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3740"
    },
    {
      "name": "CVE-2015-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1205"
    },
    {
      "name": "CVE-2010-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3190"
    },
    {
      "name": "CVE-2015-5819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5819"
    },
    {
      "name": "CVE-2015-5810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5810"
    },
    {
      "name": "CVE-2015-5804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5804"
    },
    {
      "name": "CVE-2015-5761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5761"
    },
    {
      "name": "CVE-2015-5818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5818"
    },
    {
      "name": "CVE-2015-5807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5807"
    },
    {
      "name": "CVE-2015-5802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5802"
    },
    {
      "name": "CVE-2015-5814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5814"
    },
    {
      "name": "CVE-2015-3688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3688"
    },
    {
      "name": "CVE-2015-3739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3739"
    },
    {
      "name": "CVE-2015-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3736"
    },
    {
      "name": "CVE-2015-5920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5920"
    },
    {
      "name": "CVE-2015-5803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5803"
    },
    {
      "name": "CVE-2015-5812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5812"
    },
    {
      "name": "CVE-2015-5791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5791"
    },
    {
      "name": "CVE-2015-5755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5755"
    },
    {
      "name": "CVE-2015-5823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5823"
    },
    {
      "name": "CVE-2015-1157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1157"
    },
    {
      "name": "CVE-2015-5801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5801"
    },
    {
      "name": "CVE-2015-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3737"
    },
    {
      "name": "CVE-2015-5800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5800"
    },
    {
      "name": "CVE-2015-5813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5813"
    },
    {
      "name": "CVE-2015-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5795"
    },
    {
      "name": "CVE-2015-5799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5799"
    },
    {
      "name": "CVE-2015-5794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5794"
    },
    {
      "name": "CVE-2015-5790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5790"
    },
    {
      "name": "CVE-2015-5809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5809"
    },
    {
      "name": "CVE-2015-5796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5796"
    },
    {
      "name": "CVE-2015-5821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5821"
    },
    {
      "name": "CVE-2015-3748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3748"
    },
    {
      "name": "CVE-2014-8146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
    },
    {
      "name": "CVE-2015-3741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3741"
    },
    {
      "name": "CVE-2015-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3735"
    },
    {
      "name": "CVE-2015-3742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3742"
    }
  ],
  "initial_release_date": "2015-09-18T00:00:00",
  "last_revision_date": "2015-09-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-398",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-09-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple iTunes\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iTunes",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205221 du 16 septembre 2015",
      "url": "https://support.apple.com/fr-fr/HT205221"
    }
  ]
}

CERTFR-2018-AVI-486

Vulnerability from certfr_avis - Published: 2018-10-10 - Updated: 2018-10-10

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	SQL Server Management Studio 17.9
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3
Microsoft	N/A	SQL Server Management Studio 18.0 (Preview 4)
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 10
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 21
Microsoft	N/A	PowerShell Core 6.0
Microsoft	N/A	Microsoft Exchange Server 2013
Microsoft	N/A	Microsoft Exchange Server 2016
Microsoft	Azure	Hub Device Client SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 octobre 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server Management Studio 17.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server Management Studio 18.0 (Preview 4)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Core 6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Hub Device Client SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8503"
    },
    {
      "name": "CVE-2018-8448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8448"
    },
    {
      "name": "CVE-2018-8505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8505"
    },
    {
      "name": "CVE-2018-8510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8510"
    },
    {
      "name": "CVE-2018-8511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8511"
    },
    {
      "name": "CVE-2018-8292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8292"
    },
    {
      "name": "CVE-2018-8500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8500"
    },
    {
      "name": "CVE-2010-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3190"
    },
    {
      "name": "CVE-2018-8533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8533"
    },
    {
      "name": "CVE-2018-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8265"
    },
    {
      "name": "CVE-2018-8527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8527"
    },
    {
      "name": "CVE-2018-8513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8513"
    },
    {
      "name": "CVE-2018-8532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8532"
    },
    {
      "name": "CVE-2018-8473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8473"
    }
  ],
  "initial_release_date": "2018-10-10T00:00:00",
  "last_revision_date": "2018-10-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-486",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 octobre 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GHSA-4QMW-VCGW-W2VH

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2025-04-11 03:38

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-31T20:00:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\"",
  "id": "GHSA-4qmw-vcgw-w2vh",
  "modified": "2025-04-11T03:38:39Z",
  "published": "2022-05-13T01:13:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3190"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205221"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "type": "WEB",
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-3190

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-3190

Aliases

CVE-2010-3190

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3190",
    "description": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\"",
    "id": "GSD-2010-3190"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3190"
      ],
      "details": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\"",
      "id": "GSD-2010-3190",
      "modified": "2023-12-13T01:21:34.540957Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-3190",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT205221",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205221"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
          },
          {
            "name": "41212",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/41212"
          },
          {
            "name": "TA11-102A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
            "refsource": "MISC",
            "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
          },
          {
            "name": "oval:org.mitre.oval:def:12457",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
          },
          {
            "name": "MS11-025",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
          },
          {
            "name": "42811",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/42811"
          },
          {
            "name": "APPLE-SA-2015-09-16-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3190"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41212",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/41212"
            },
            {
              "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
            },
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "https://support.apple.com/HT205221",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205221"
            },
            {
              "name": "APPLE-SA-2015-09-16-3",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
            },
            {
              "name": "42811",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/42811"
            },
            {
              "name": "oval:org.mitre.oval:def:12457",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
            },
            {
              "name": "MS11-025",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2020-11-16T19:33Z",
      "publishedDate": "2010-08-31T20:00Z"
    }
  }
}

CVE-2010-3190

Vulnerability from fstec - Published: 09.10.2018

Title

Уязвимость библиотеки Microsoft Foundation Classes (MFC) почтового сервера Microsoft Exchange Server, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость библиотеки Microsoft Foundation Classes (MFC) почтового сервера Microsoft Exchange Server связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Microsoft Exchange Server

Software Version

2016 (Microsoft Exchange Server), 2010 sp3 (Microsoft Exchange Server), 2013 (Microsoft Exchange Server)

Possible Mitigations

Использование рекомендаций производителя: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190 https://nvd.nist.gov/vuln/detail/CVE-2010-3190 http://www.securityfocus.com/bid/42811 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457

CWE

CWE-264

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2016 (Microsoft Exchange Server), 2010 sp3 (Microsoft Exchange Server), 2013 (Microsoft Exchange Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: \nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.10.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.01.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00031",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2010-3190",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Exchange Server",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Microsoft Foundation Classes (MFC) \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Microsoft Foundation Classes (MFC) \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-3190\nhttp://www.securityfocus.com/bid/42811 \nhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025 \nhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-3190 (GCVE-0-2010-3190)

FKIE_CVE-2010-3190

CERTA-2011-AVI-208

Description

Solution

CERTFR-2015-AVI-398

Solution

CERTFR-2018-AVI-486

Solution

GHSA-4QMW-VCGW-W2VH

GSD-2010-3190

CVE-2010-3190

Tags

Sightings

Nomenclature