| ID |
CVE-2011-1247
|
| Summary |
Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/MS11-075 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path' |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 28-09-2020 - 12:58) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS11-075 | | bulletin_url | | | date | 2011-10-11T00:00:00 | | impact | Remote Code Execution | | knowledgebase_id | 2623699 | | knowledgebase_url | | | severity | Important | | title | Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution |
|
| oval
via4
|
| accepted | 2011-11-28T04:00:30.637-05:00 | | class | vulnerability | | contributors | | name | Josh Turpin | | organization | Symantec Corporation |
| | definition_extensions | | comment | Microsoft Windows XP (x86) SP3 is installed | | oval | oval:org.mitre.oval:def:5631 |
| comment | Microsoft Windows XP x64 Edition SP2 is installed | | oval | oval:org.mitre.oval:def:4193 |
| comment | Microsoft Windows Server 2003 SP2 (x86) is installed | | oval | oval:org.mitre.oval:def:1935 |
| comment | Microsoft Windows Server 2003 SP2 (x64) is installed | | oval | oval:org.mitre.oval:def:2161 |
| comment | Microsoft Windows Server 2003 (ia64) SP2 is installed | | oval | oval:org.mitre.oval:def:1442 |
| comment | Microsoft Windows Vista (32-bit) Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:6124 |
| comment | Microsoft Windows Vista x64 Edition Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:5594 |
| comment | Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:6216 |
| comment | Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:5653 |
| comment | Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed | | oval | oval:org.mitre.oval:def:6150 |
| comment | Microsoft Windows 7 (32-bit) is installed | | oval | oval:org.mitre.oval:def:6165 |
| comment | Microsoft Windows 7 x64 Edition is installed | | oval | oval:org.mitre.oval:def:5950 |
| comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | | oval | oval:org.mitre.oval:def:6438 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | | oval | oval:org.mitre.oval:def:5954 |
| comment | Microsoft Windows 7 (32-bit) Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12292 |
| comment | Microsoft Windows 7 x64 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12627 |
| comment | Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12567 |
| comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:12583 |
| | description | Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:13116 | | status | accepted | | submitted | 2011-10-11T13:00:00 | | title | Active Accessibility Insecure Library Loading Vulnerability | | version | 76 |
|
| refmap
via4
|
|
| Last major update |
28-09-2020 - 12:58 |
| Published |
12-10-2011 - 02:52 |
| Last modified |
28-09-2020 - 12:58 |
