Windows : Microsoft Visual Studio Insecure Library Loading Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902255

Categoría: Windows

Título: Microsoft Visual Studio Insecure Library Loading Vulnerability

Resumen: Microsoft Visual Studio is prone to an insecure library loading vulnerability.;; This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900285.

Descripción: Summary:
Microsoft Visual Studio is prone to an insecure library loading vulnerability.

This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900285.

Vulnerability Insight:
The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe)
loading libraries in an insecure manner. This can be exploited to load
arbitrary libraries by tricking a user into opening a TRC file located on a remote WebDAV or SMB share.

Vulnerability Impact:
Successful exploitation will allow the attackers to execute
arbitrary code and conduct DLL hijacking attacks.

Affected Software/OS:
Microsoft Visual Studio.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3190
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html
BugTraq ID: 42811
http://www.securityfocus.com/bid/42811
Cert/CC Advisory: TA11-102A
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
Microsoft Security Bulletin: MS11-025
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457
http://secunia.com/advisories/41212

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902255
Categoría:	Windows
Título:	Microsoft Visual Studio Insecure Library Loading Vulnerability
Resumen:	Microsoft Visual Studio is prone to an insecure library loading vulnerability.;; This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900285.
Descripción:	Summary: Microsoft Visual Studio is prone to an insecure library loading vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.900285. Vulnerability Insight: The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe) loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a TRC file located on a remote WebDAV or SMB share. Vulnerability Impact: Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Affected Software/OS: Microsoft Visual Studio. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3190 http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html BugTraq ID: 42811 http://www.securityfocus.com/bid/42811 Cert/CC Advisory: TA11-102A http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ Microsoft Security Bulletin: MS11-025 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457 http://secunia.com/advisories/41212
Copyright	Copyright (C) 2010 Greenbone AG