TeamMate Audit Management Software Suite Insecure Library Loading Vulnerability

Secunia ID	SA41097
CVE-ID	CVE-2010-3125
Release Date	02 Sep 2010
Last Change	10 Sep 2010
Criticality	Highly Critical
Solution Status	Unpatched
Software	TeamMate Audit Management Software Suite 8.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in TeamMate Audit Management Software Suite, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. mfc71enu.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a TMX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0 patch 2 for Windows. Other versions may also be affected.
Solution	Do not open untrusted files.
Reported by	Beenu Arora
Original Advisory	http://www.exploit-db.com/exploits/14747/