RootSSV:20641Microsoft ATL/MFC跟踪工具'dwmapi.dll' DLL装载任意代码执行漏洞
0.006 Low
EPSS
Percentile
76.0%
Bugtraq ID: 42811
CVE ID:CVE-2010-3190
Microsoft Visual Studio是微软公司的开发工具套件系列产品,是一个基本完整的开发工具集,包括了软件整个生命周期中所需要的大部分工具。
Microsoft Visual Studio中使用的ATL MFC Trace Tool (AtlTraceTool8.exe)工具不安全装载’dwmapi.dll’库,攻击者可以诱使用户在远程WebDAV或SMB共享上打开 TRC,cu,rs,rc或res文件,可以以用户安全上下文装载任意库。
Microsoft Visual Studio 2010 0
Microsoft Visual Studio 2008 SP1
Microsoft Visual Studio 2008 0
Microsoft Visual Studio 2005 Team Edition for Testers 0
Microsoft Visual Studio 2005 Team Edition for Developers 0
Microsoft Visual Studio 2005 Team Edition for Architects 0
Microsoft Visual Studio 2005 Team Edition 0
Microsoft Visual Studio 2005 Standard Edition 0
Microsoft Visual Studio 2005 Professional Edition 0
Microsoft Visual Studio 2005 Premier Partner Edition - ENU 8.0.50727 .42
Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1
Microsoft Visual Studio 2005 SP1
Microsoft Visual Studio 2005
Microsoft Visual Studio .NET 2005 0
Microsoft Visual Studio .NET 2003 Enterprise Architect
Microsoft Visual Studio .NET 2003 SP1
Microsoft Visual Studio .NET 2003 0
Microsoft Visual Studio .NET 2003
- Microsoft Visual Basic .NET Standard 2003
- Microsoft Visual C# .NET Standard 2003
- Microsoft Visual C++ .NET Standard 2003
- Microsoft Visual J# .NET Standard 2003
Microsoft Visual C++ 2010 Redistributable Package 0
Microsoft Visual C++ 2008 Redistributable Package SP1
Microsoft Visual C++ 2008 Redistributable Package 0
Microsoft Visual C++ 2005 Redistributable Package SP1
Microsoft Visual C++ 2005 Redistributable Package 0
Microsoft ATL/MFC Trace Tool Build 10.0.30319.1
Avaya Messaging Application Server 5.2
Avaya Messaging Application Server 5
Avaya Messaging Application Server 4
Avaya Meeting Exchange - Webportal 0
Avaya Meeting Exchange - Web Conferencing Server 0
Avaya Meeting Exchange - Streaming Server 0
Avaya Meeting Exchange - Recording Server 0
Avaya Meeting Exchange - Client Registration Server 0
Avaya Meeting Exchange 5.0 .0.52
Avaya Meeting Exchange 5.2 SP2
Avaya Meeting Exchange 5.2 SP1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.1 SP1
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0
Avaya Communication Server 1000 Telephony Manager 4.0
Avaya Communication Server 1000 Telephony Manager 3.0
Avaya CallPilot 5.0
Avaya CallPilot 4.0
Avaya Aura Conferencing 6.0 Standard
Avaya Aura Conferencing 6.0 SP1 Standard
Attachmate Reflection X 2011
Attachmate Reflection Suite for X 2011
Attachmate Reflection for Secure IT Windows Server 7.2
Attachmate Reflection for Secure IT Windows Server 7.0 SP2
Attachmate Reflection for Secure IT Windows Server 7.0 SP1
Attachmate Reflection for Secure IT Windows Server 6.0
Attachmate Reflection for Secure IT UNIX Server 7.2
Attachmate Reflection for Secure IT UNIX Server 7.0 SP1
Attachmate Reflection for Secure IT UNIX Server 6.0
Attachmate Reflection for Secure IT UNIX Client 7.2
Attachmate Reflection for Secure IT UNIX Client 7.0 SP1
Attachmate Reflection for Secure IT UNIX Client 6.0
厂商解决方案
用户可参考如下供应商提供的补丁信息:
Microsoft Visual Studio .NET 2003 SP1
Microsoft VS7.1sp1-KB2465373-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=e9501082-a651 -452b-8c1a-43987ffd3102
Microsoft Visual Studio 2005 SP1
Microsoft VS80sp1-KB2465367-X86-INTL.exe
http://www.microsoft.com/downloads/details.aspx?familyid=30db022a-c05e -4d7d-a6eb-ef13ed8cce09
Related
