The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Microsoft Visual Studio: code execution via dwmapi.dll

Synthesis of the vulnerability 

MFC applications, generally compiled with Microsoft Visual Studio C++, automatically load the dwmapi.dll library, which can contain malicious code.
Vulnerable systems: Avamar, Exchange, Visual Studio.
Severity of this threat: 2/4.
Creation date: 19/10/2010.
Références of this weakness: 2500212, CERTA-2011-AVI-208, CVE-2010-3190, DSA-2020-084, MS11-025, VIGILANCE-VUL-10052.

Description of the vulnerability 

The Microsoft Visual Studio environment is used to create Win32 applications written in C++, and using the MFC (Microsoft Foundation Class).

When a MFC application is loaded (directly or via a data file with an associated extension), it searches and loads the dwmapi.dll library from its current directory.

An attacker can therefore create a network share containing:
 - a data file associated to the application, and
 - a malicious dwmapi.dll library
When the victim will open the data file, the library will be loaded and its malicious code will be executed.

An attacker can therefore execute code with privileges of users of Win32 MFC applications, generally compiled by Microsoft Visual Studio.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity vulnerability impacts software or systems such as Avamar, Exchange, Visual Studio.

Our Vigil@nce team determined that the severity of this vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this weakness alert.

Solutions for this threat 

Dell EMC Avamar Client for Windows: patch for MFC.
A patch is indicated in information sources.

Microsoft Exchange: patch of October 2018.
A patch is indicated in information sources.

Microsoft Visual MFC: patch.
A patch is available:
Microsoft Visual Studio .NET 2003 SP1
Microsoft Visual Studio 2005 SP1
Microsoft Visual Studio 2008 SP1
Microsoft Visual Studio 2010
Microsoft Visual Studio 2010 SP1
Microsoft Visual C++ 2005 SP1 Redistributable Package
Microsoft Visual C++ 2008 SP1 Redistributable Package
Microsoft Visual C++ 2010 Redistributable Package
The Microsoft announce indicates workarounds.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities.