Microsoft Visio Insecure Library Loading Vulnerability (CVE-2010-3148)
Severity: CRITICAL
CVE Identifier: CVE-2010-3148,MS11-055
Advisory Date: JUL 21, 2015
DESCRIPTION
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004730
Trend Micro Deep Security DPI Rule Name: 1004730 - Microsoft Visio Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3148)
AFFECTED SOFTWARE AND VERSION
- microsoft visio 2003