Windows : Microsoft Visual Studio Insecure Library Loading Vulnerability

Resumen de Precio/Funciones | Ordenar | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad

Búsqueda de Vulnerabilidad		Buscar 61204 Descripciones CVE y 32582 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902255

Categoría: Windows

Título: Microsoft Visual Studio Insecure Library Loading Vulnerability

Resumen: Check for the Microsoft Visual Studio version

Descripción:
This NVT has been replaced by NVT secpod_ms11-025.nasl
(OID:1.3.6.1.4.1.25623.1.0.900285).

Overview: This host is installed with Microsoft Visual Studio and is prone to
insecure library loading vulnerability.

Vulnerability Insight:
The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe) loading
libraries in an insecure manner. This can be exploited to load arbitrary
libraries by tricking a user into opening a TRC file located on a remote
WebDAV or SMB share.

Impact:
Successful exploitation will allow the attackers to execute arbitrary code
and conduct DLL hijacking attacks.

Impact Level: Application

Affected Software/OS:
Microsoft Visual Studio

Fix: No solution or patch is available as of 27th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/downloads/en/default.aspx

References:
http://secunia.com/advisories/41212
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3190
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
Microsoft Security Bulletin: MS11-025
http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx
Cert/CC Advisory: TA11-102A
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12457
http://secunia.com/advisories/41212

Copyright Copyright (C) 2010 SecPod

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:

Usuario:

Contraseña:

Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.

Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.

Privacidad

Ingreso de Usuario Registrado

Usuario:

Contraseña:

¿Olvidó su usuario o contraseña??

Email/ID de Usario:

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902255
Categoría:	Windows
Título:	Microsoft Visual Studio Insecure Library Loading Vulnerability
Resumen:	Check for the Microsoft Visual Studio version
Descripción:	This NVT has been replaced by NVT secpod_ms11-025.nasl (OID:1.3.6.1.4.1.25623.1.0.900285). Overview: This host is installed with Microsoft Visual Studio and is prone to insecure library loading vulnerability. Vulnerability Insight: The flaw is due to 'ATL MFC Trace Tool'(AtlTraceTool8.exe) loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a TRC file located on a remote WebDAV or SMB share. Impact: Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application Affected Software/OS: Microsoft Visual Studio Fix: No solution or patch is available as of 27th September, 2010. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.microsoft.com/downloads/en/default.aspx References: http://secunia.com/advisories/41212 http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3190 http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ Microsoft Security Bulletin: MS11-025 http://www.microsoft.com/technet/security/Bulletin/MS11-025.mspx Cert/CC Advisory: TA11-102A http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12457 http://secunia.com/advisories/41212
Copyright	Copyright (C) 2010 SecPod