Microsoft ATL/MFC Trace Tool (atltracetool8.exe) is prone to a vulnerability that lets attackers execute arbitrary code.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
Microsoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected.
Information
Microsoft Visual Studio 2010 0
Microsoft Visual Studio 2008 SP1
Microsoft Visual Studio 2008 0
Microsoft Visual Studio 2005 Team Edition for Testers 0
Microsoft Visual Studio 2005 Team Edition for Developers 0
Microsoft Visual Studio 2005 Team Edition for Architects 0
Microsoft Visual Studio 2005 Team Edition 0
Microsoft Visual Studio 2005 Standard Edition 0
Microsoft Visual Studio 2005 Professional Edition 0
Microsoft Visual Studio 2005 Premier Partner Edition - ENU 8.0.50727 .42
Microsoft Visual Studio 2005 64-bit Hosted Visual C++ Tools SP1
Microsoft Visual Studio 2005 SP1
Microsoft Visual Studio 2005
Microsoft Visual Studio .NET 2005 0
Microsoft Visual Studio .NET 2003 Enterprise Architect
Microsoft Visual Studio .NET 2003 SP1
Microsoft Visual Studio .NET 2003
Microsoft Visual C++ 2010 Redistributable Package SP1
Microsoft Visual C++ 2010 Redistributable Package 0
Microsoft Visual C++ 2008 Redistributable Package SP1
Microsoft Visual C++ 2008 Redistributable Package 0
Microsoft Visual C++ 2005 Redistributable Package SP1
Microsoft Visual C++ 2005 Redistributable Package 0
Microsoft Exchange Server 2016 0
Microsoft Exchange Server 2013 0
Microsoft Exchange Server 2010 SP3
Microsoft ATL/MFC Trace Tool Build 10.0.30319.1
Avaya Messaging Application Server 5.2
Avaya Messaging Application Server 5
Avaya Messaging Application Server 4
Avaya Meeting Exchange - Webportal 6.0
Avaya Meeting Exchange - Web Conferencing Server 0
Avaya Meeting Exchange - Streaming Server 0
Avaya Meeting Exchange - Recording Server 0
Avaya Meeting Exchange - Client Registration Server 0
Avaya Meeting Exchange 5.0 .0.52
Avaya Meeting Exchange 5.2 SP2
Avaya Meeting Exchange 5.2 SP1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.1 SP1
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0
Avaya Communication Server 1000 Telephony Manager 4.0
Avaya Communication Server 1000 Telephony Manager 3.0
Avaya CallPilot 5.0
Avaya CallPilot 4.0
Avaya Aura Conferencing 6.0 Standard
Avaya Aura Conferencing 6.0 SP1 Standard
Attachmate Reflection X 2011
Attachmate Reflection Suite for X 2011
Attachmate Reflection for Secure IT Windows Server 7.2
Attachmate Reflection for Secure IT Windows Server 7.0 SP2
Attachmate Reflection for Secure IT Windows Server 7.0 SP1
Attachmate Reflection for Secure IT Windows Server 6.0
Attachmate Reflection for Secure IT UNIX Server 7.2
Attachmate Reflection for Secure IT UNIX Server 7.0 SP1
Attachmate Reflection for Secure IT UNIX Server 6.0
Attachmate Reflection for Secure IT UNIX Client 7.2
Attachmate Reflection for Secure IT UNIX Client 7.0 SP1
Attachmate Reflection for Secure IT UNIX Client 6.0
Apple iTunes 11.2.1
Apple iTunes 11.1.5
Apple iTunes 11.1.4
Apple iTunes 11.1.3
Apple iTunes 11.1.2
Apple iTunes 11.0.5
Apple iTunes 11.0.4
Apple iTunes 11.0.2
Apple iTunes 10.6.3
Apple iTunes 10.6.1
Apple iTunes 10.5.1
Apple iTunes 10.1.2
Apple iTunes 9.0.2
Apple iTunes 9.0.1
Apple iTunes 9.0
Apple iTunes 7.3.2
Apple iTunes 7.3
Apple iTunes 7.0.2
Apple iTunes 6.0.5
Apple iTunes 6.0.4
Apple iTunes 6.0.1
Apple iTunes 6.0
Apple iTunes 5.0
Apple iTunes 4.8
Apple iTunes 4.7.1
Apple iTunes 4.6
Apple iTunes 4.5
Apple iTunes 4.2 .72
Apple iTunes 9.2.1
Apple iTunes 9.2
Apple iTunes 9.1.1
Apple iTunes 9.1
Apple iTunes 9.0.3
Apple iTunes 8.2
Apple iTunes 8.1
Apple iTunes 8.0.2.20
Apple iTunes 7.4
Apple iTunes 12.2
Apple iTunes 12.0.1
Apple iTunes 11.2
Apple iTunes 11.1.1
Apple iTunes 11.1
Apple iTunes 11.0.3
Apple iTunes 11.0.1
Apple iTunes 11.0.0.163
Apple iTunes 11.0
Apple iTunes 10.7
Apple iTunes 10.6.1.7
Apple iTunes 10.6
Apple iTunes 10.5.2
Apple iTunes 10.5.1.42
Apple iTunes 10.5
Apple iTunes 10.4.1.10
Apple iTunes 10.4.1
Apple iTunes 10.4.0.80
Apple iTunes 10.4
Apple iTunes 10.3.1
Apple iTunes 10.3
Apple iTunes 10.2.2.12
Apple iTunes 10.2.2
Apple iTunes 10.2
Apple iTunes 10.1.1.4
Apple iTunes 10.1.1
Apple iTunes 10.1
Apple iTunes 10.0.1
Apple iTunes 10
Attachmate Reflection for Secure IT UNIX Server 7.2 SP1
Attachmate Reflection for Secure IT UNIX Client 7.2 SP1
Apple iTunes 12.3
Exploit
Attackers must trick a user into opening a file on a remote WebDAV or SMB share to exploit this issue.
A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.
References:
- Application DLL Load Hijacking (HD Moore)
- Exploiting DLL Hijacking Flaws (hdm)
- Microsoft Homepage (Microsoft)
- Microsoft Security Advisory 2269637 Released (Microsoft)
- More information about the DLL Preloading remote attack vector (Microsoft)
- About the security content of iTunes 12.3 (Apple)
- ASA-2011-104 MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library (Avaya)
- Microsoft Security Advisory (2269637) (Microsoft)
- Microsoft Security Bulletin MS11-018 (Microsoft)
- Microsoft Security Bulletin MS11-025 (Microsoft)
- Microsoft Visual Studio 2010 Service Pack 1 MFC Security Update (Microsoft)
- Reflection for Secure IT Windows Server 7.2 Service Pack 1 New Features and Rele (Attachmate)
- Reflection PKI Services Manager 1.2 New Features and Release Notes (Attachmate)
- Security Updates and Reflection PKI Services Manager (Attachmate)