Customer installed PAM Windows Proxy 4.0.3 and Vulnerability scans called out the MicroSoft's DLL (msvcr80.dll) as vulnerable with CVE-2010-3190. The path name for the vulnerable DLL is - C:\cspm_agent\cloakware\cspmclient\lib\msvcr80.dll

Release : 4.0.x, 4.1.x

Component : PRIVILEGED ACCESS MANAGEMENT

National Vulnerability Database: Common Vulnerability & Exposure CVE-2010-3190

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."

As of writing this article September 14th, 2022 - PAM version 4.0.4 and 4.1.2 will address this vulnerability by packaging a newer version of msvcr80.dll (that is not vulnerable). Please upgrade to these versions

If running earlier versions please open a support case to new dll