ID CVE-2011-1975
Summary Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-09-26T04:00:18.564-04:00
class vulnerability
contributors
name Dragos Prisaca
organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12292
  • comment Microsoft Windows 7 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12627
  • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12567
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12583
description Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:12936
status accepted
submitted 2011-08-09T13:00:00
title Data Access Components Insecure Library Loading Vulnerability
version 69
refmap via4
cert TA11-221A
ms MS11-059
Last major update 30-10-2018 - 16:27
Published 10-08-2011 - 21:55
Back to Top