vulnerability

Microsoft CVE-2010-3190: MFC Insecure Library Loading Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Oct 9, 2018	Oct 31, 2018	Feb 18, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Oct 9, 2018

Added

Oct 31, 2018

Modified

Feb 18, 2025

Description

A remote code execution vulnerability exists in the way that certain applications built using Microsoft Foundation Classes (MFC) handle the loading of DLL files.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The update addresses this vulnerability by correcting how applications built using MFC load DLL files.

Solution

msft-kb2565063-719584bc-2208-4bc9-a650-d3d6347eb32e-cve-2010-3190

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report