The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Microsoft Visual Studio: code execution via dwmapi.dll

Synthesis of the vulnerability 

MFC applications, generally compiled with Microsoft Visual Studio C++, automatically load the dwmapi.dll library, which can contain malicious code.
Vulnerable systems: Avamar, Exchange, Visual Studio.
Severity of this threat: 2/4.
Creation date: 19/10/2010.
Références of this weakness: 2500212, CERTA-2011-AVI-208, CVE-2010-3190, DSA-2020-084, MS11-025, VIGILANCE-VUL-10052.

Description of the vulnerability 

The Microsoft Visual Studio environment is used to create Win32 applications written in C++, and using the MFC (Microsoft Foundation Class).

When a MFC application is loaded (directly or via a data file with an associated extension), it searches and loads the dwmapi.dll library from its current directory.

An attacker can therefore create a network share containing:
 - a data file associated to the application, and
 - a malicious dwmapi.dll library
When the victim will open the data file, the library will be loaded and its malicious code will be executed.

An attacker can therefore execute code with privileges of users of Win32 MFC applications, generally compiled by Microsoft Visual Studio.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity vulnerability impacts software or systems such as Avamar, Exchange, Visual Studio.

Our Vigil@nce team determined that the severity of this vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this weakness alert.

Solutions for this threat 

Dell EMC Avamar Client for Windows: patch for MFC.
A patch is indicated in information sources.

Microsoft Exchange: patch of October 2018.
A patch is indicated in information sources.

Microsoft Visual MFC: patch.
A patch is available:
Microsoft Visual Studio .NET 2003 SP1
  http://www.microsoft.com/downloads/details.aspx?familyid=e9501082-a651-452b-8c1a-43987ffd3102
Microsoft Visual Studio 2005 SP1
  http://www.microsoft.com/downloads/details.aspx?familyid=ee64d83b-6c06-4ccf-b12d-99e2a7a7b18d
Microsoft Visual Studio 2008 SP1
  http://www.microsoft.com/downloads/details.aspx?familyid=e6a8e024-12ee-43d5-9aae-4c721505d6df
Microsoft Visual Studio 2010
  http://www.microsoft.com/downloads/details.aspx?familyid=7fd643a8-8e05-4d27-8853-33f79f01cb26
Microsoft Visual Studio 2010 SP1
  http://www.microsoft.com/downloads/details.aspx?familyid=1a21c9db-dfa3-4a07-a1e0-89a8069b7c17
Microsoft Visual C++ 2005 SP1 Redistributable Package
  http://www.microsoft.com/downloads/details.aspx?familyid=ae2e1a40-7b45-4fe9-a20f-2ed2923aca62
Microsoft Visual C++ 2008 SP1 Redistributable Package
  http://www.microsoft.com/downloads/details.aspx?familyid=a821847e-4c44-45c0-9128-61c822bb3280
Microsoft Visual C++ 2010 Redistributable Package
  http://www.microsoft.com/downloads/details.aspx?familyid=fe558aed-9274-415f-8a0f-d9d8622fb35b
The Microsoft announce indicates workarounds.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities.