Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011
CVE: CVE-2010-3146
BID: 42695
OSVDB: 67484


Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location.


Microsoft Office Groove has a vulnerability due to insecure loading of mso.dll or GrovePerfmon.dll libraries upon opening .vcg and .gta files. If an attacker puts a malicious library file named mso.dll or GroovePerfmon.dll in the same directory as the .vcg or .gta file, Microsoft Office Groove will automatically load and execute the code within DLLMain of the malicious library file.


Apply the patch referenced in Microsoft Security Bulletin 11-016.



Exploit works on Microsoft Office Groove 2007.

The executable smbclient must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The SMB password is not allowed to contain single quotes (').

The target must be able to access the specified SMB share anonymously.



Back to exploit index