Vulnerability in Microsoft Visio
CVE-2010-3148
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, o…
EPSS: 0.265 (96.4th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Visio — versions 2003
- N/a — versions n/a
Public proof-of-concept exploits
References
- MS11-055 (x_refsource_MS, vendor-advisory)
- ADV-2010-2192 (vdb-entry, x_refsource_VUPEN)
- TA11-193A (US Government Resource, x_refsource_CERT, third-party-advisory)
- oval:org.mitre.oval:def:7122 (x_refsource_OVAL, signature, vdb-entry)
- 14744 (Exploit, exploit, x_refsource_EXPLOIT-DB)
Frequently asked questions
- What is CVE-2010-3148?
- CVE-2010-3148 is a vulnerability in Microsoft Visio. Published 2010-08-27.
- Is CVE-2010-3148 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.