CVE-2010-3190

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
46.7%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: August 31, 2010 (5735 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

CWE

CWE-426

Affected Products

apple itunesmicrosoft visual c\+\+microsoft visual studiomicrosoft visual studio .net

References

🔗 lists.apple.com 🔗 secunia.com 🔗 www.corelan.be 🔗 www.securityfocus.com 🔗 www.us-cert.gov