CVE-2010-3148

Microsoft Visio 2003 SP3 - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."

Exploits (1)

exploitdb WORKING POC

by Beenu Arora · clocalwindows

https://www.exploit-db.com/exploits/14744

View Code ZIP pw:eip

References (5)

[Exploit] http://www.exploit-db.com/exploits/14744/

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA11-193A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/2192

Scores

EPSS 0.2652

EPSS Percentile 96.3%

Details

Status published

Products (1)

microsoft/visio 2003

Published Aug 27, 2010

Tracked Since Feb 18, 2026