cvelistv5 - cve-2010-3190

cve-2010-3190

Vulnerability from cvelistv5

Published

2010-08-31 19:25

Modified

2024-08-07 03:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Mailing List, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/41212	Third Party Advisory
cve@mitre.org	http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/42811	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	Third Party Advisory, US Government Resource
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457	Third Party Advisory
cve@mitre.org	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190	Patch, Vendor Advisory
cve@mitre.org	https://support.apple.com/HT205221	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41212	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/42811	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205221	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:18.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
          },
          {
            "name": "41212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41212"
          },
          {
            "name": "TA11-102A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
          },
          {
            "name": "oval:org.mitre.oval:def:12457",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
          },
          {
            "name": "MS11-025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
          },
          {
            "name": "42811",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/42811"
          },
          {
            "name": "APPLE-SA-2015-09-16-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
        },
        {
          "name": "41212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41212"
        },
        {
          "name": "TA11-102A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
        },
        {
          "name": "oval:org.mitre.oval:def:12457",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
        },
        {
          "name": "MS11-025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
        },
        {
          "name": "42811",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/42811"
        },
        {
          "name": "APPLE-SA-2015-09-16-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205221",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205221"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
            },
            {
              "name": "41212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41212"
            },
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
              "refsource": "MISC",
              "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
            },
            {
              "name": "oval:org.mitre.oval:def:12457",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
            },
            {
              "name": "MS11-025",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
            },
            {
              "name": "42811",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/42811"
            },
            {
              "name": "APPLE-SA-2015-09-16-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3190",
    "datePublished": "2010-08-31T19:25:00",
    "dateReserved": "2010-08-31T00:00:00",
    "dateUpdated": "2024-08-07T03:03:18.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4354E6D0-5AA8-4F1B-BD3B-1B66ABD062A1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2005:sp1:*:*:redistributable_package:*:*:*\", \"matchCriteriaId\": \"619BEBC1-9B3B-47B6-A0FC-E77084D57784\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2008:sp1:*:*:redistributable_package:*:*:*\", \"matchCriteriaId\": \"F5719E28-6122-4BCA-91B7-E9709DA5A891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2010:sp1:*:*:redistributable_package:*:*:*\", \"matchCriteriaId\": \"A04EBB20-FC22-4482-861F-774853382E8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F4DFC93-9533-4893-B634-0551CDE7D252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"85959AEB-2FE5-4A25-B298-F8223CE260D6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \\\"MFC Insecure Library Loading Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ruta de b\\u00fasqueda no fiable en Microsoft Foundation Class (MFC) Library en Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1 y 2010; Visual C++ 2005 SP1, 2008 SP1 y 2010 y Exchange Server 2010 Service Pack 3, 2013 y 2013 permite que usuarios locales obtengan privilegios mediante un archivo troyano dwmapi.dll en el directorio de trabajo actual durante la ejecuci\\u00f3n de una aplicaci\\u00f3n MFC como AtlTraceTool8.exe (tambi\\u00e9n conocida como ATL MFC Trace Tool), tal y como queda demostrado con un directorio que contiene archivos TRC, cur, rs, rct o res. Esto tambi\\u00e9n se conoce como \\\"MFC Insecure Library Loading Vulnerability\\\".\"}]",
      "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\nCWE-426: Untrusted Search Path",
      "evaluatorImpact": "Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per \"This is a remote code execution vulnerability\"",
      "id": "CVE-2010-3190",
      "lastModified": "2024-11-21T01:18:14.367",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-08-31T20:00:02.297",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/41212\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/42811\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205221\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/41212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/42811\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT205221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3190\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-08-31T20:00:02.297\",\"lastModified\":\"2024-11-21T01:18:14.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \\\"MFC Insecure Library Loading Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda no fiable en Microsoft Foundation Class (MFC) Library en Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1 y 2010; Visual C++ 2005 SP1, 2008 SP1 y 2010 y Exchange Server 2010 Service Pack 3, 2013 y 2013 permite que usuarios locales obtengan privilegios mediante un archivo troyano dwmapi.dll en el directorio de trabajo actual durante la ejecuci\u00f3n de una aplicaci\u00f3n MFC como AtlTraceTool8.exe (tambi\u00e9n conocida como ATL MFC Trace Tool), tal y como queda demostrado con un directorio que contiene archivos TRC, cur, rs, rct o res. Esto tambi\u00e9n se conoce como \\\"MFC Insecure Library Loading Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4354E6D0-5AA8-4F1B-BD3B-1B66ABD062A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2005:sp1:*:*:redistributable_package:*:*:*\",\"matchCriteriaId\":\"619BEBC1-9B3B-47B6-A0FC-E77084D57784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2008:sp1:*:*:redistributable_package:*:*:*\",\"matchCriteriaId\":\"F5719E28-6122-4BCA-91B7-E9709DA5A891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_c\\\\+\\\\+:2010:sp1:*:*:redistributable_package:*:*:*\",\"matchCriteriaId\":\"A04EBB20-FC22-4482-861F-774853382E8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F4DFC93-9533-4893-B634-0551CDE7D252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85959AEB-2FE5-4A25-B298-F8223CE260D6\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/41212\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/42811\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205221\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/41212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/42811\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA11-102A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT205221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/426.html\\r\\n\\r\\nCWE-426: Untrusted Search Path\",\"evaluatorImpact\":\"Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per \\\"This is a remote code execution vulnerability\\\"\"}}"
  }
}

gsd-2010-3190

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-3190

Aliases

CVE-2010-3190

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-3190",
    "description": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\"",
    "id": "GSD-2010-3190"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-3190"
      ],
      "details": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\"",
      "id": "GSD-2010-3190",
      "modified": "2023-12-13T01:21:34.540957Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-3190",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT205221",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205221"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
          },
          {
            "name": "41212",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/41212"
          },
          {
            "name": "TA11-102A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
            "refsource": "MISC",
            "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
          },
          {
            "name": "oval:org.mitre.oval:def:12457",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
          },
          {
            "name": "MS11-025",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
          },
          {
            "name": "42811",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/42811"
          },
          {
            "name": "APPLE-SA-2015-09-16-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3190"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41212",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/41212"
            },
            {
              "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
            },
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "https://support.apple.com/HT205221",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205221"
            },
            {
              "name": "APPLE-SA-2015-09-16-3",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
            },
            {
              "name": "42811",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/42811"
            },
            {
              "name": "oval:org.mitre.oval:def:12457",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
            },
            {
              "name": "MS11-025",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2020-11-16T19:33Z",
      "publishedDate": "2010-08-31T20:00Z"
    }
  }
}

ghsa-4qmw-vcgw-w2vh

Vulnerability from github

Published

2022-05-13 01:13

Modified

2022-05-13 01:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-3190"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-31T20:00:00Z",
    "severity": "HIGH"
  },
  "details": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\"",
  "id": "GHSA-4qmw-vcgw-w2vh",
  "modified": "2022-05-13T01:13:33Z",
  "published": "2022-05-13T01:13:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3190"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205221"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "type": "WEB",
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability.". Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. dwmapi.dll It may be possible to get permission through the file. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. " Opera Software "and" Adobe Vulnerability information on " : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Microsoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected. Microsoft Visual Studio is a series of development tool suite products of Microsoft (Microsoft), and it is also a basically complete set of development tools. It includes most of the tools needed throughout the software lifecycle. A remote attacker could exploit this vulnerability to take complete control of an affected system and subsequently install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer system user rights are less affected than users with administrative user rights. ----------------------------------------------------------------------

Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/

TITLE: Attachmate Reflection for Secure IT Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA44906

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44906

RELEASE DATE: 2011-06-10

DISCUSS ADVISORY: http://secunia.com/advisories/44906/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/44906/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=44906

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Attachmate has acknowledged multiple vulnerabilities in Reflection for Secure IT, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.

For more information: SA36093 (vulnerability #2) SA44905

The vulnerabilities are reported in version 7.2 prior to SP1 in the following components: * Reflection for Secure IT Windows Server. * Reflection for Secure IT UNIX Client. * Reflection for Secure IT UNIX Server.

SOLUTION: Update to version 7.2 SP1.

ORIGINAL ADVISORY: Attachmate: http://support.attachmate.com/techdocs/2560.html http://support.attachmate.com/techdocs/2564.html http://support.attachmate.com/techdocs/2565.html http://support.attachmate.com/techdocs/2566.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-09-16-3 iTunes 12.3

iTunes 12.3 is now available and addresses the following:

iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1157 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

iTunes Available for: Windows 7 and later Impact: Applications that use ICU may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of unicode strings. These issues were addressed by updating ICU to version 55. CVE-ID CVE-2014-8146 CVE-2015-1205

iTunes Available for: Windows 7 and later Impact: Opening a media file may lead to arbitrary code execution Description: A security issue existed in Microsoft Foundation Class's handling of library loading. This issue was addressed by updating to the latest version of the Microsoft Visual C++ Redistributable Package. CVE-ID CVE-2010-3190 : Stefan Kanthak

iTunes Available for: Windows 7 and later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1152 : Apple CVE-2015-1153 : Apple CVE-2015-3730 : Apple CVE-2015-3731 : Apple CVE-2015-3733 : Apple CVE-2015-3734 : Apple CVE-2015-3735 : Apple CVE-2015-3736 : Apple CVE-2015-3737 : Apple CVE-2015-3738 : Apple CVE-2015-3739 : Apple CVE-2015-3740 : Apple CVE-2015-3741 : Apple CVE-2015-3742 : Apple CVE-2015-3743 : Apple CVE-2015-3744 : Apple CVE-2015-3745 : Apple CVE-2015-3746 : Apple CVE-2015-3747 : Apple CVE-2015-3748 : Apple CVE-2015-3749 : Apple CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5791 : Apple CVE-2015-5792 : Apple CVE-2015-5793 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5798 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5808 : Joe Vennix CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5814 : Apple CVE-2015-5815 : Apple CVE-2015-5816 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple

Software Update Impact: An attacker in a privileged network position may be able to obtain encrypted SMB credentials Description: A redirection issue existed in the handling of certain network connections. This issue was addressed through improved resource validation. CVE-ID CVE-2015-5920 : Cylance

iTunes 12.3 may be obtained from: http://www.apple.com/itunes/download/

You may also update to the latest version of iTunes via Apple Software Update, which can be found in the Start menu.

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/ iqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal aGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp mV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2 5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr 7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5 yCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7 LFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH mKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL vHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt jHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo dL48EUi+MBq820BzP1fp =cz5N -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0241",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "microsoft",
        "version": "2005"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": "visual c\\+\\+",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "visual c\\+\\+",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": "visual c\\+\\+",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2005"
      },
      {
        "model": "visual studio .net",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.1.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "abvent",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "adobe",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "atomix productions",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "autodesk",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "avast antivirus",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "bentley",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "bittorrent",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "bitmanagement",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "conceiva",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "corel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cyberlink",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "daemon tools",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "dassault systemes",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "divx",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ezb",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ecava",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fengtao",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gfi",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "graphisoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gilles vollant",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "guidance",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "httrack",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "izarc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "inkscape",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "maxthon",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microchip",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "netstumbler",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nokia",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "norman",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nullsoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "opera",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pgp",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pkware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "pixia",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "realnetworks",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sisoftware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "smart projects",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sonic",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sony",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sweetscape",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "teamviewer",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "techsmith",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tortoisesvn",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "tracker",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "videolan",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "winmerge",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wireshark",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "wolters kluwer",
        "version": null
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "12.3   (windows 7 or later )"
      },
      {
        "model": "visual c++",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2005"
      },
      {
        "model": "visual c++",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "visual c++",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": ".net 2003"
      },
      {
        "model": "lhaforge",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "claybird",
        "version": "1.5.1 and earlier"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.3"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.4"
      },
      {
        "model": "securebranch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "soho xp dedicated application  securebranch accessmanager ver2.2.18 before"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2"
      },
      {
        "model": "explzh",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "pon",
        "version": "v.5.65 and earlier"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "securebranch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "soho vista dedicated application  securebranch accessmanager ver3.0.13 before"
      },
      {
        "model": "lunascape",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "lunascape",
        "version": "6.3.0 and earlier"
      },
      {
        "model": "securefinger",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "fingerprint authentication runtime ( c / s edition) all versions"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "client v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.5"
      },
      {
        "model": "esmpro/serveragentservice",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "lhmelt",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "micco",
        "version": "1.65.1.2 and earlier"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "download server v7.1"
      },
      {
        "model": "esmpro/serveragent",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "client  v5.3"
      },
      {
        "model": "terapad",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "terao progress",
        "version": "ver.1.00\\u3000 and earlier"
      },
      {
        "model": "sleipnir",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fenrir",
        "version": "2.9.5 and earlier"
      },
      {
        "model": "securefinger",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "fingerprint authentication utility ad all versions"
      },
      {
        "model": "lhaplus",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schezo",
        "version": "1.57 and earlier"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.3"
      },
      {
        "model": "infoframe documentskipper",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "downloader  v5.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "download contents v8.2"
      },
      {
        "model": "visual studio sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20100"
      },
      {
        "model": "visual studio sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "visual studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20080"
      },
      {
        "model": "visual studio team edition for testers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "visual studio team edition for developers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "visual studio team edition for architects",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "visual studio team edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "visual studio standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "visual studio professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "visual studio premier partner edition enu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2005-8.0.50727.42"
      },
      {
        "model": "visual studio 64-bit hosted visual c++ tools sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2005"
      },
      {
        "model": "visual studio sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2005"
      },
      {
        "model": "visual studio .net",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "visual studio .net enterprise architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "visual studio .net sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "visual c++ redistributable package sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": "visual c++ redistributable package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20100"
      },
      {
        "model": "visual c++ redistributable package sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "visual c++ redistributable package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20080"
      },
      {
        "model": "visual c++ redistributable package sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2005"
      },
      {
        "model": "visual c++ redistributable package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20050"
      },
      {
        "model": "exchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20160"
      },
      {
        "model": "exchange server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20130"
      },
      {
        "model": "exchange server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": "atl/mfc trace tool build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "10.0.30319.1"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4"
      },
      {
        "model": "meeting exchange webportal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-6.0"
      },
      {
        "model": "meeting exchange web conferencing server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange streaming server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange recording server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange client registration server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "-0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "communication server telephony manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10004.0"
      },
      {
        "model": "communication server telephony manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "10003.0"
      },
      {
        "model": "callpilot",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "callpilot",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura conferencing sp1 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "reflection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x2011"
      },
      {
        "model": "reflection suite for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "x2011"
      },
      {
        "model": "reflection for secure it windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.2"
      },
      {
        "model": "reflection for secure it windows server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "reflection for secure it windows server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "reflection for secure it windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "reflection for secure it unix server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.2"
      },
      {
        "model": "reflection for secure it unix server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "reflection for secure it unix server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "reflection for secure it unix client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.2"
      },
      {
        "model": "reflection for secure it unix client sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.0"
      },
      {
        "model": "reflection for secure it unix client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.7.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.72"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0.0.163"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6.1.7"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.6"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5.1.42"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1.10"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4.0.80"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2.12"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1.4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "reflection for secure it windows server sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.2"
      },
      {
        "model": "reflection for secure it unix server sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.2"
      },
      {
        "model": "reflection for secure it unix client sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "attachmate",
        "version": "7.2"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "12.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "db": "BID",
        "id": "42811"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "0xjudd",
    "sources": [
      {
        "db": "BID",
        "id": "42811"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-3190",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-3190",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-45795",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-3190",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#707943",
            "trust": 0.8,
            "value": "64.13"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-381",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-45795",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\". Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs.  As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. dwmapi.dll It may be possible to get permission through the file. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. \" Opera Software \"and\" Adobe Vulnerability information on \" : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. \nMicrosoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected. Microsoft Visual Studio is a series of development tool suite products of Microsoft (Microsoft), and it is also a basically complete set of development tools. It includes most of the tools needed throughout the software lifecycle. A remote attacker could exploit this vulnerability to take complete control of an affected system and subsequently install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer system user rights are less affected than users with administrative user rights. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAttachmate Reflection for Secure IT Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44906\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44906/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906\n\nRELEASE DATE:\n2011-06-10\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44906/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44906/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nAttachmate has acknowledged multiple vulnerabilities in Reflection\nfor Secure IT, which can be exploited by malicious people to bypass\ncertain security restrictions, cause a DoS (Denial of Service), and\ncompromise a user\u0027s system. \n\nFor more information:\nSA36093 (vulnerability #2)\nSA44905\n\nThe vulnerabilities are reported in version 7.2 prior to SP1 in the\nfollowing components:\n* Reflection for Secure IT Windows Server. \n* Reflection for Secure IT UNIX Client. \n* Reflection for Secure IT UNIX Server. \n\nSOLUTION:\nUpdate to version 7.2 SP1. \n\nORIGINAL ADVISORY:\nAttachmate:\nhttp://support.attachmate.com/techdocs/2560.html\nhttp://support.attachmate.com/techdocs/2564.html\nhttp://support.attachmate.com/techdocs/2565.html\nhttp://support.attachmate.com/techdocs/2566.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-3 iTunes 12.3\n\niTunes 12.3 is now available and addresses the following:\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  Applications that use CoreText may be vulnerable to\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-1157 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  Applications that use ICU may be vulnerable to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nprocessing of unicode strings. These issues were addressed by\nupdating ICU to version 55. \nCVE-ID\nCVE-2014-8146\nCVE-2015-1205\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  Opening a media file may lead to arbitrary code execution\nDescription:  A security issue existed in Microsoft Foundation\nClass\u0027s handling of library loading. This issue was addressed by\nupdating to the latest version of the Microsoft Visual C++\nRedistributable Package. \nCVE-ID\nCVE-2010-3190 : Stefan Kanthak\n\niTunes\nAvailable for:  Windows 7 and later\nImpact:  A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may result in unexpected application termination or\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1152 : Apple\nCVE-2015-1153 : Apple\nCVE-2015-3730 : Apple\nCVE-2015-3731 : Apple\nCVE-2015-3733 : Apple\nCVE-2015-3734 : Apple\nCVE-2015-3735 : Apple\nCVE-2015-3736 : Apple\nCVE-2015-3737 : Apple\nCVE-2015-3738 : Apple\nCVE-2015-3739 : Apple\nCVE-2015-3740 : Apple\nCVE-2015-3741 : Apple\nCVE-2015-3742 : Apple\nCVE-2015-3743 : Apple\nCVE-2015-3744 : Apple\nCVE-2015-3745 : Apple\nCVE-2015-3746 : Apple\nCVE-2015-3747 : Apple\nCVE-2015-3748 : Apple\nCVE-2015-3749 : Apple\nCVE-2015-5789 : Apple\nCVE-2015-5790 : Apple\nCVE-2015-5791 : Apple\nCVE-2015-5792 : Apple\nCVE-2015-5793 : Apple\nCVE-2015-5794 : Apple\nCVE-2015-5795 : Apple\nCVE-2015-5796 : Apple\nCVE-2015-5797 : Apple\nCVE-2015-5798 : Apple\nCVE-2015-5799 : Apple\nCVE-2015-5800 : Apple\nCVE-2015-5801 : Apple\nCVE-2015-5802 : Apple\nCVE-2015-5803 : Apple\nCVE-2015-5804 : Apple\nCVE-2015-5805\nCVE-2015-5806 : Apple\nCVE-2015-5807 : Apple\nCVE-2015-5808 : Joe Vennix\nCVE-2015-5809 : Apple\nCVE-2015-5810 : Apple\nCVE-2015-5811 : Apple\nCVE-2015-5812 : Apple\nCVE-2015-5813 : Apple\nCVE-2015-5814 : Apple\nCVE-2015-5815 : Apple\nCVE-2015-5816 : Apple\nCVE-2015-5817 : Apple\nCVE-2015-5818 : Apple\nCVE-2015-5819 : Apple\nCVE-2015-5821 : Apple\nCVE-2015-5822 : Mark S. Miller of Google\nCVE-2015-5823 : Apple\n\nSoftware Update\nImpact:  An attacker in a privileged network position may be able to\nobtain encrypted SMB credentials\nDescription:  A redirection issue existed in the handling of certain\nnetwork connections. This issue was addressed through improved\nresource validation. \nCVE-ID\nCVE-2015-5920 : Cylance\n\n\niTunes 12.3 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nYou may also update to the latest version of iTunes via Apple\nSoftware Update, which can be found in the Start menu. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/\niqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal\naGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp\nmV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2\n5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr\n7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5\nyCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7\nLFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH\nmKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL\nvHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt\njHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo\ndL48EUi+MBq820BzP1fp\n=cz5N\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      },
      {
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "db": "BID",
        "id": "42811"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "db": "PACKETSTORM",
        "id": "102169"
      },
      {
        "db": "PACKETSTORM",
        "id": "133618"
      }
    ],
    "trust": 3.6
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-45795",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3190",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "42811",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA11-102A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "41212",
        "trust": 2.5
      },
      {
        "db": "CERT/CC",
        "id": "VU#707943",
        "trust": 1.6
      },
      {
        "db": "USCERT",
        "id": "TA10-238A",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "44906",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "1699",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "44905",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "40983",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1025630",
        "trust": 0.8
      },
      {
        "db": "SECTRACK",
        "id": "1025346",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA11-102A",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99970459",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001999",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "133618",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-45795",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "102169",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "db": "BID",
        "id": "42811"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "db": "PACKETSTORM",
        "id": "102169"
      },
      {
        "db": "PACKETSTORM",
        "id": "133618"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "id": "VAR-201008-0241",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T19:34:29.934000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-09-16-3 iTunes 12.3",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html"
      },
      {
        "title": "HT205221",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205221"
      },
      {
        "title": "HT205221",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205221"
      },
      {
        "title": "MS11-025",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx"
      },
      {
        "title": "MS11-025",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms11-025.mspx"
      },
      {
        "title": "MS11-025e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/ms11-025e.mspx"
      },
      {
        "title": "TA11-102A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta11-102a.html"
      },
      {
        "title": "HT4105",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4105"
      },
      {
        "title": "HT4105",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht4105?viewlocale=ja_jp"
      },
      {
        "title": "Opera Software\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu707943/844993/index.html"
      },
      {
        "title": "Adobe\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu707943/244523/index.html"
      },
      {
        "title": "LhaForge",
        "trust": 0.8,
        "url": "http://claybird.sakura.ne.jp/garage/lhaforge/index.html"
      },
      {
        "title": "2010.2F9.2F7_ver_6.3.1",
        "trust": 0.8,
        "url": "http://lunapedia.lunascape.jp/index.php?title=lunascape6#2010.2f9.2f7_ver_6.3.1"
      },
      {
        "title": "Another technique for Fixing DLL Preloading attacks",
        "trust": 0.8,
        "url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
      },
      {
        "title": "More information about the DLL Preloading remote attack vector",
        "trust": 0.8,
        "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
      },
      {
        "title": "Secure loading of libraries to prevent DLL preloading attacks - Guidance for Software Developers\u3000(Word \u6587\u66f8)",
        "trust": 0.8,
        "url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-21/secure-loading-of-libraries-to-prevent-dll-preloading.docx"
      },
      {
        "title": "Dynamic-Link Library Security",
        "trust": 0.8,
        "url": "http://msdn.microsoft.com/ja-jp/library/ff919712%28v=vs.85%29.aspx"
      },
      {
        "title": "2269637",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
      },
      {
        "title": "Load Library Safely",
        "trust": 0.8,
        "url": "https://blogs.technet.microsoft.com/srd/2014/05/13/load-library-safely/"
      },
      {
        "title": "DLL \u691c\u7d22\u30d1\u30b9\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u5236\u5fa1\u3059\u308b\u65b0\u3057\u3044 CWDIllegalInDllSearch \u30ec\u30b8\u30b9\u30c8\u30ea\u30a8\u30f3\u30c8\u30ea\u306b\u3064\u3044\u3066",
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/2264107"
      },
      {
        "title": "NV11-003",
        "trust": 0.8,
        "url": "http://www.nec.co.jp/security-info/secinfo/nv11-003.html"
      },
      {
        "title": "Microsoft Windows \u306b\u304a\u3051\u308b DLL \u8aad\u307f\u8fbc\u307f\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "http://www.ponsoftware.com/archiver/bug.htm#load_lib"
      },
      {
        "title": "\u691c\u7d22\u30d1\u30b9\u306e\u554f\u984c\u306b\u8d77\u56e0\u3059\u308b\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www5f.biglobe.ne.jp/~t-susumu"
      },
      {
        "title": "MHSVI#20100824",
        "trust": 0.8,
        "url": "http://homepage3.nifty.com/micco/vul/2010/mhsvi20100824.htm"
      },
      {
        "title": "sleipnirsleipnir_295",
        "trust": 0.8,
        "url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html"
      },
      {
        "title": "2269637",
        "trust": 0.8,
        "url": "https://www.microsoft.com/japan/technet/security/advisory/2269637.mspx"
      },
      {
        "title": "\u65b0\u305f\u306a\u30ea\u30e2\u30fc\u30c8\u306e\u653b\u6483\u624b\u6cd5\u306b\u95a2\u3059\u308b\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea 2269637 \u3092\u516c\u958b",
        "trust": 0.8,
        "url": "http://blogs.technet.com/b/jpsecurity/archive/2010/08/24/3351474.aspx"
      },
      {
        "title": "\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u5b89\u5168\u306b\u30ed\u30fc\u30c9\u3057\u3066 DLL \u306e\u30d7\u30ea\u30ed\u30fc\u30c9\u653b\u6483\u3092\u9632\u3050 - \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u958b\u767a\u8005\u5411\u3051\u30ac\u30a4\u30c0\u30f3\u30b9 (Word \u6587\u66f8)",
        "trust": 0.8,
        "url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-74/secure-loading-of-libraries-to-prevent-dll-preloading_5f00_j.docx"
      },
      {
        "title": "TA10-238A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-238a.html"
      },
      {
        "title": "Microsoft ATL/MFC Tracking tool DLL Fixing measures for loading code bugs",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134164"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/42811"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta11-102a.html"
      },
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2010-3190"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht205221"
      },
      {
        "trust": 1.7,
        "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
      },
      {
        "trust": 1.7,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12457"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/41212"
      },
      {
        "trust": 1.6,
        "url": "http://jvn.jp/cert/jvnta10-238a"
      },
      {
        "trust": 1.1,
        "url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
      },
      {
        "trust": 1.1,
        "url": "http://blog.rapid7.com/?p=5325"
      },
      {
        "trust": 1.1,
        "url": "https://www.microsoft.com/technet/security/advisory/2269637.mspx"
      },
      {
        "trust": 1.1,
        "url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/44906/"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/blogs/vuls/2008/09/carpet_bombing_and_directory_p.html"
      },
      {
        "trust": 0.8,
        "url": "http://blog.mandiant.com/archives/1207"
      },
      {
        "trust": 0.8,
        "url": "http://msdn.microsoft.com/en-us/library/aa297182"
      },
      {
        "trust": 0.8,
        "url": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html"
      },
      {
        "trust": 0.8,
        "url": "http://msdn.microsoft.com/en-us/library/ms684175%28vs.85%29.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-1-pub.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-2-pub.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.acrossecurity.com/aspr/aspr-2010-08-18-1-pub.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/1699/discuss"
      },
      {
        "trust": 0.8,
        "url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/cse-2010-2.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://support.microsoft.com/kb/2264107"
      },
      {
        "trust": 0.8,
        "url": "http://www.guninski.com/officedll.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3190"
      },
      {
        "trust": 0.8,
        "url": "https://www.jpcert.or.jp/at/2011/at110008.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta11-102a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99970459/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2010-23"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3190"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/40983/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/41212/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/44905/"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id/1025630"
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id/1025346"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa11-102a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/important/topics-bn.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/about/press/20101111.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu707943"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2010-23/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta10-238a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/707943"
      },
      {
        "trust": 0.4,
        "url": "http://support.attachmate.com/techdocs/2566.html"
      },
      {
        "trust": 0.4,
        "url": "http://support.attachmate.com/techdocs/2564.html"
      },
      {
        "trust": 0.4,
        "url": "http://support.attachmate.com/techdocs/2560.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht205221"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100133982"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/en-us/download/details.aspx?id=27049"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://conference.first.org/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/44906/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://support.attachmate.com/techdocs/2565.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3733"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3741"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3687"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3730"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3688"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3190"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1153"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3686"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3748"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3749"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3744"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3742"
      },
      {
        "trust": 0.1,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3743"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3747"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3745"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3739"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/itunes/download/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "db": "BID",
        "id": "42811"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "db": "PACKETSTORM",
        "id": "102169"
      },
      {
        "db": "PACKETSTORM",
        "id": "133618"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "db": "BID",
        "id": "42811"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "db": "PACKETSTORM",
        "id": "102169"
      },
      {
        "db": "PACKETSTORM",
        "id": "133618"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "date": "2010-08-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "date": "2010-08-27T00:00:00",
        "db": "BID",
        "id": "42811"
      },
      {
        "date": "2011-07-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "date": "2010-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "date": "2011-06-10T12:17:07",
        "db": "PACKETSTORM",
        "id": "102169"
      },
      {
        "date": "2015-09-19T15:35:19",
        "db": "PACKETSTORM",
        "id": "133618"
      },
      {
        "date": "2010-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      },
      {
        "date": "2010-08-31T20:00:02.297000",
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#707943"
      },
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45795"
      },
      {
        "date": "2018-10-09T19:00:00",
        "db": "BID",
        "id": "42811"
      },
      {
        "date": "2015-10-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-001916"
      },
      {
        "date": "2016-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001999"
      },
      {
        "date": "2021-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      },
      {
        "date": "2020-11-16T19:33:52.007000",
        "db": "NVD",
        "id": "CVE-2010-3190"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Windows based applications may insecurely load dynamic libraries",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#707943"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-381"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2010-3190

Vulnerability from fkie_nvd

Published

2010-08-31 20:00

Modified

2024-11-21 01:18

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Mailing List, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/41212	Third Party Advisory
cve@mitre.org	http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/	Broken Link
cve@mitre.org	http://www.securityfocus.com/bid/42811	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	Third Party Advisory, US Government Resource
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025	Patch, Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457	Third Party Advisory
cve@mitre.org	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190	Patch, Vendor Advisory
cve@mitre.org	https://support.apple.com/HT205221	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41212	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/42811	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA11-102A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205221	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	itunes	12.1.3
microsoft	visual_c\+\+	2005
microsoft	visual_c\+\+	2008
microsoft	visual_c\+\+	2010
microsoft	visual_studio	2005
microsoft	visual_studio	2008
microsoft	visual_studio	2010
microsoft	visual_studio_.net	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4354E6D0-5AA8-4F1B-BD3B-1B66ABD062A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "619BEBC1-9B3B-47B6-A0FC-E77084D57784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "F5719E28-6122-4BCA-91B7-E9709DA5A891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "A04EBB20-FC22-4482-861F-774853382E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DFC93-9533-4893-B634-0551CDE7D252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no fiable en Microsoft Foundation Class (MFC) Library en Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1 y 2010; Visual C++ 2005 SP1, 2008 SP1 y 2010 y Exchange Server 2010 Service Pack 3, 2013 y 2013 permite que usuarios locales obtengan privilegios mediante un archivo troyano dwmapi.dll en el directorio de trabajo actual durante la ejecuci\u00f3n de una aplicaci\u00f3n MFC como AtlTraceTool8.exe (tambi\u00e9n conocida como ATL MFC Trace Tool), tal y como queda demostrado con un directorio que contiene archivos TRC, cur, rs, rct o res. Esto tambi\u00e9n se conoce como \"MFC Insecure Library Loading Vulnerability\"."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\nCWE-426: Untrusted Search Path",
  "evaluatorImpact": "Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per \"This is a remote code execution vulnerability\"",
  "id": "CVE-2010-3190",
  "lastModified": "2024-11-21T01:18:14.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-31T20:00:02.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205221"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2010-3190

Vulnerability from cvelistv5

gsd-2010-3190

Vulnerability from gsd

ghsa-4qmw-vcgw-w2vh

Vulnerability from github

var-201008-0241

Vulnerability from variot

fkie_cve-2010-3190

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature