ID CVE-2011-2009
Summary Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • cpe:2.3:a:microsoft:windows_media_center_tv_pack
    cpe:2.3:a:microsoft:windows_media_center_tv_pack
  • cpe:2.3:o:microsoft:windows_vista:-:x32
    cpe:2.3:o:microsoft:windows_vista:-:x32
  • cpe:2.3:o:microsoft:windows_vista:-:x64
    cpe:2.3:o:microsoft:windows_vista:-:x64
CVSS
Base: 9.3 (as of 12-10-2011 - 11:15)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS11-076
bulletin_url
date 2011-10-11T00:00:00
impact Remote Code Execution
knowledgebase_id 2604926
knowledgebase_url
severity Important
title Vulnerability in Windows Media Center Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS11-076.NASL
description The remote Windows host contains a version of Windows Media Center that fails to properly restrict the path used for loading external libraries. If an attacker can trick a user into opening a file that resides in the same directory as a specially crafted DLL file, he can leverage this issue to execute arbitrary code in that DLL file subject to the user's privileges.
last seen 2019-02-21
modified 2018-11-15
plugin id 56450
published 2011-10-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56450
title MS11-076: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
oval via4
accepted 2011-11-28T04:00:17.791-05:00
class vulnerability
contributors
name Dragos Prisaca
organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12292
  • comment Microsoft Windows 7 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12627
description Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:12934
status accepted
submitted 2011-10-11T13:00:00
title Media Center Insecure Library Loading Vulnerability
version 68
refmap via4
ms MS11-076
Last major update 26-01-2012 - 23:00
Published 11-10-2011 - 22:52
Last modified 30-10-2018 - 12:27
Back to Top