Title

Remote Code Execution Vulnerability in Microsoft Foundation Class (MFC) Library (Cat II impact)

Discussion

Microsoft has released a security bulletin to address a vulnerability affecting Microsoft Foundation Class (MFC) Library. The Microsoft Foundation Class (MFC) Library is an application framework for programming in Microsoft Windows. To exploit this vulnerability, a remote attacker would entice a user to open a legitimate file associated with the application built using MFC that is located in the same network directory as a malicious dynamic link library (DLL) file. If successfully exploited, this vulnerability would allow a remote attacker to execute arbitrary code and compromise the affected system. At this time, there are known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. MFC Insecure Library Loading Vulnerability - (CVE-2010-3190): A remote code execution vulnerability exists in the way that certain applications built Microsoft Foundation Classes (MFC) handle the loading of DLL files. The vulnerability is caused when applications built using MFC incorrectly restrict the path used for loading external libraries. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-025 (2500212). Vulnerable Applications/Systems: Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2010 Microsoft Visual C++ 2005 SP1 Redistributable Package Microsoft Visual C++ 2008 SP1 Redistributable Package Microsoft Visual C++ 2010 Redistributable Package Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below. Atl71.dll Microsoft Visual Studio .NET 2003 SP1 – 7.10.6119.0 Atl80.dll Microsoft Visual Studio 2005 SP1 – 8.0.50727.5592 Microsoft Visual C++ 2005 SP1 Redistributable Package – 8.0.50727.5592 Atl90.dll Microsoft Visual Studio 2008 SP1 – 9.0.30729.5570 Microsoft Visual C++ 2008 SP1 Redistributable Package – 9.0.30729.5570 Atl100.dll Microsoft Visual Studio 2010 – 10.0.30319.415 Microsoft Visual C++ 2010 Redistributable Package – 10.00.30319.415

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-26512

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.