Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011
CVE: CVE-2010-3146
BID: 42695
OSVDB: 67484

Background

Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location.

Problem

Microsoft Office Groove has a vulnerability due to insecure loading of mso.dll or GrovePerfmon.dll libraries upon opening .vcg and .gta files. If an attacker puts a malicious library file named mso.dll or GroovePerfmon.dll in the same directory as the .vcg or .gta file, Microsoft Office Groove will automatically load and execute the code within DLLMain of the malicious library file.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 11-016.

References

http://secunia.com/advisories/41104

Limitations

Exploit works on Microsoft Office Groove 2007.

The executable smbclient must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The SMB password is not allowed to contain single quotes (').

The target must be able to access the specified SMB share anonymously.

Platforms

Windows

Back to exploit index