Juniper Networks

Signature Detail

Short Name: HTTP:EXPLOIT:MS-VS-MFC
Severity: High
Recommended: Yes
Recommended Action: Drop
Category: HTTP
Keywords: Microsoft Visual Studio MFC Insecure Library Loading
Release Date: 2011/05/10
Update Number: 1918
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

HTTP: Microsoft Visual Studio MFC Insecure Library Loading


This signature detects attempts to exploit a known code execution vulnerability in Microsoft Visual Studio Foundation Classes (MFC). The vulnerability is due to a design weakness in how MFC loads a specific DLL when an MFC-compiled executable is run. Remote attackers can exploit this vulnerability by enticing target users to use an MFC-built application to open a file from a WebDAV or SMB share. Upon opening the file from the share, the application automatically loads an attacker-controlled DLL from the remote share. A successful attack can result in loading the attacker-controlled library and execution of arbitrary code with the privileges of the affected application.

Extended Description

Microsoft ATL/MFC Trace Tool (atltracetool8.exe) is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Microsoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected.

Affected Products

  • Attachmate Reflection for Secure IT UNIX Client 6.0
  • Attachmate Reflection for Secure IT UNIX Client 7.0 SP1
  • Attachmate Reflection for Secure IT UNIX Client 7.2
  • Attachmate Reflection for Secure IT UNIX Server 6.0
  • Attachmate Reflection for Secure IT UNIX Server 7.0 SP1
  • Attachmate Reflection for Secure IT UNIX Server 7.2
  • Attachmate Reflection for Secure IT Windows Server 6.0
  • Attachmate Reflection for Secure IT Windows Server 7.0 SP1
  • Attachmate Reflection for Secure IT Windows Server 7.0 SP2
  • Attachmate Reflection for Secure IT Windows Server 7.2
  • Attachmate Reflection Suite for X 2011
  • Attachmate Reflection X 2011
  • Avaya Aura Conferencing 6.0 SP1 Standard
  • Avaya Aura Conferencing 6.0 Standard
  • Avaya CallPilot 4.0
  • Avaya CallPilot 5.0
  • Avaya Communication Server 1000 Telephony Manager 3.0
  • Avaya Communication Server 1000 Telephony Manager 4.0
  • Avaya Meeting Exchange 5.0
  • Avaya Meeting Exchange 5.0.0.0.52
  • Avaya Meeting Exchange 5.0 SP1
  • Avaya Meeting Exchange 5.0 SP2
  • Avaya Meeting Exchange 5.1
  • Avaya Meeting Exchange 5.1 SP1
  • Avaya Meeting Exchange 5.2
  • Avaya Meeting Exchange 5.2 SP1
  • Avaya Meeting Exchange 5.2 SP2
  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server 4
  • Avaya Messaging Application Server 5
  • Avaya Messaging Application Server 5.2
  • Microsoft ATL/MFC Trace Tool Build 10.0.30319.1
  • Microsoft Visual C++ 2005 Redistributable Package SP1
  • Microsoft Visual C++ 2005 Redistributable Package
  • Microsoft Visual C++ 2008 Redistributable Package SP1
  • Microsoft Visual C++ 2008 Redistributable Package
  • Microsoft Visual C++ 2010 Redistributable Package SP1
  • Microsoft Visual C++ 2010 Redistributable Package
  • Microsoft Visual Studio 2005 Express
  • Microsoft Visual Studio 2005 Trial
  • Microsoft Visual Studio 2005 SP1
  • Microsoft Visual Studio 2005
  • Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1
  • Microsoft Visual Studio 2005 Premier Partner Edition - ENU 8.0.50727.42
  • Microsoft Visual Studio 2005 Professional Edition
  • Microsoft Visual Studio 2005 Standard Edition
  • Microsoft Visual Studio 2005 Team Edition
  • Microsoft Visual Studio 2005 Team Edition for Architects
  • Microsoft Visual Studio 2005 Team Edition for Developers
  • Microsoft Visual Studio 2005 Team Edition for Testers
  • Microsoft Visual Studio 2008 SP1
  • Microsoft Visual Studio 2008
  • Microsoft Visual Studio 2010 SP1
  • Microsoft Visual Studio 2010
  • Microsoft Visual Studio .NET 2003 SP1
  • Microsoft Visual Studio .NET 2003
  • Microsoft Visual Studio .NET 2003 Enterprise Architect
  • Microsoft Visual Studio .NET 2005

References

  • BugTraq: 42811
  • CVE: CVE-2010-3190

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.