CVE-2010-3148

Name of the Vulnerable Software and Affected Versions Microsoft Visio version 2003 SP3

Description The issue allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory. This can be demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file. A remote code execution vulnerability exists in the way that Microsoft Visio handles the loading of DLL files, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Visio version 2003 SP3, as a temporary workaround, consider restricting access to the mfc71enu.dll file until a patch is available. Avoid using directories that contain .vsd, .vdx, .vst, or .vtx files in the current working directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.