ID CVE-2011-2019
Summary Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms11-099 'FAQ for Internet Explorer Insecure Library Loading Vulnerability - CVE-2011-2019 What is the scope of the vulnerability? This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.' Per: http://cwe.mitre.org/data/definitions/426.html
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:9:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:9:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS11-099
bulletin_url
date 2011-12-13T00:00:00
impact Remote Code Execution
knowledgebase_id 2618444
knowledgebase_url
severity Important
title Cumulative Security Update for Internet Explorer
oval via4
accepted 2014-08-18T04:00:47.347-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Internet Explorer 9 is installed
    oval oval:org.mitre.oval:def:11985
description Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:13884
status accepted
submitted 2011-12-13T13:00:00
title Internet Explorer Insecure Library Loading Vulnerability
version 77
refmap via4
cert TA11-347A
Last major update 30-10-2018 - 16:27
Published 14-12-2011 - 00:55
Last modified 28-09-2020 - 12:58
Back to Top