Vulnerabilities > CVE-2010-3148 - Unspecified vulnerability in Microsoft Visio 2003

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus
exploit available
NVD
Published: 2010-08-27
Updated: 2024-11-21

Summary

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Exploit-Db

descriptionMicrosoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll). CVE-2010-3148. Local exploit for windows platform
fileexploits/windows/local/14744.c
idEDB-ID:14744
last seen2016-02-01
modified2010-08-25
platformwindows
port
published2010-08-25
reporterBeenu Arora
sourcehttps://www.exploit-db.com/download/14744/
titleMicrosoft Visio 2003 DLL Hijacking Exploit mfc71enu.dll
typelocal

Msbulletin

bulletin_idMS11-055
bulletin_url
date2011-07-12T00:00:00
impactRemote Code Execution
knowledgebase_id2560847
knowledgebase_url
severityImportant
titleVulnerability in Microsoft Visio Could Allow Remote Code Execution

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS11-055.NASL
descriptionThe remote host contains a version of Microsoft Visio that is affected by an insecure library loading vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted Microsoft Visio file, resulting in arbitrary code execution.
last seen2020-06-01
modified2020-06-02
plugin id55571
published2011-07-12
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/55571
titleMS11-055: Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55571);
  script_version("1.19");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2010-3148");
  script_bugtraq_id(42681);
  script_xref(name:"EDB-ID", value:"14744");
  script_xref(name:"IAVA", value:"2011-A-0098");
  script_xref(name:"MSFT", value:"MS11-055");
  script_xref(name:"Secunia", value:"45077");
  script_xref(name:"MSKB", value:"2493523");

  script_name(english:"MS11-055: Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)");
  script_summary(english:"Checks version of Omfcu.dll");

  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote Windows host through
Visio.");
  script_set_attribute(attribute:"description", value:
"The remote host contains a version of Microsoft Visio that is
affected by an insecure library loading vulnerability.

A remote attacker could exploit this by tricking a user into opening a
specially crafted Microsoft Visio file, resulting in arbitrary code
execution.");

  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-055");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Visio 2003.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visio");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}

include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
include("audit.inc");


get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS11-055';
kbs = make_list("2493523");
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

installs = get_kb_list_or_exit("SMB/Office/Visio/*/VisioPath");

share = '';
kb = "2493523";
foreach install (keys(installs))
{
  version = install - 'SMB/Office/Visio/' - '/VisioPath';
  if (version =~ '^11\\.0')
  {
    path = installs[install];
    share = hotfix_path2share(path:path);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

    if (hotfix_is_vulnerable(path:path, file:"Visio11\Omfcu.dll", version:"11.0.8332.0", bulletin:bulletin, kb:kb))
    {
      set_kb_item(name:"SMB/Missing/" + bulletin, value:TRUE);
      hotfix_security_hole();
      hotfix_check_fversion_end();
      exit(0);
    }
  }
}
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');

Oval

accepted2013-02-11T04:03:45.086-05:00
classvulnerability
contributors
  • nameSecPod Team
    organizationSecPod Technologies
  • nameDragos Prisaca
    organizationSymantec Corporation
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
commentMicrosoft Office Visio 2003 is installed
ovaloval:org.mitre.oval:def:1450
descriptionUntrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
familywindows
idoval:org.mitre.oval:def:7122
statusaccepted
submitted2010-10-08T04:21:55
titleUntrusted search path vulnerability in Microsoft Visio 2003
version10

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 42681 CVE ID: CVE-2010-3148 Microsoft Visio是Windows 操作系统下运行的流程图软件,它现在是Microsoft Office软件的一个部分。 Microsoft Visio在实现上存在不安全库加载漏洞,远程攻击者可利用此漏洞控制受影响系统。 此漏洞源于以不安全的方式加载应用程序库(例如mfc71enu.dll和mfc71loc.dll),通过诱使用户打开位于远程WebDAV或SMB共享上的Microsoft Visio Stencil (".vss")文件,造成加载任意库。 Microsoft Visio 2003 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS11-055)以及相应补丁: MS11-055:Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847) 链接:http://www.microsoft.com/technet/security/bulletin/MS11-055.asp
idSSV:20717
last seen2017-11-19
modified2011-07-14
published2011-07-14
reporterRoot
titleMicrosoft Visio 2003 "mfc71enu.dll" DLL加载远程代码执行漏洞(MS11-055)

References