Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Published: 2011-08-10
Updated: 2018-10-30
Summary
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Msbulletin
bulletin_id | MS11-059 |
bulletin_url | |
date | 2011-08-09T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2560656 |
knowledgebase_url | |
severity | Important |
title | Vulnerability in Data Access Components Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS11-059.NASL |
description | The version of Microsoft Data Access Components (MDAC) installed on the remote Windows host is affected by a code execution vulnerability. By tricking a user into opening a legitimate Excel file that is in the same directory as a specially crafted library file, a remote, unauthenticated user could execute arbitrary code on the host subject to the privileges of the user running the affected application. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55789 |
published | 2011-08-09 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/55789 |
title | MS11-059: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2560656) |
Oval
accepted | 2011-09-26T04:00:18.564-04:00 |
class | vulnerability |
contributors | name | Dragos Prisaca | organization | Symantec Corporation |
|
definition_extensions | comment | Microsoft Windows 7 (32-bit) is installed | oval | oval:org.mitre.oval:def:6165 |
comment | Microsoft Windows 7 x64 Edition is installed | oval | oval:org.mitre.oval:def:5950 |
comment | Microsoft Windows Server 2008 R2 x64 Edition is installed | oval | oval:org.mitre.oval:def:6438 |
comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed | oval | oval:org.mitre.oval:def:5954 |
comment | Microsoft Windows 7 (32-bit) Service Pack 1 is installed | oval | oval:org.mitre.oval:def:12292 |
comment | Microsoft Windows 7 x64 Service Pack 1 is installed | oval | oval:org.mitre.oval:def:12627 |
comment | Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed | oval | oval:org.mitre.oval:def:12567 |
comment | Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed | oval | oval:org.mitre.oval:def:12583 |
|
description | Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:12936 |
status | accepted |
submitted | 2011-08-09T13:00:00 |
title | Data Access Components Insecure Library Loading Vulnerability |
version | 72 |
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 49026 CVE ID:CVE-2011-1975 Microsoft Windows是一款流行的操作系统。 Window数据访问跟踪组件不安全装载库,攻击者可以诱使用户在远程WebDAV或SMB共享上打开Microsoft Excel(.xlsx) 文件,可以以用户安全上下文装载任意库。 Microsoft Windows Server 2008 Standard Edition X64 Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition Release Candidate Microsoft Windows Server 2008 Standard Edition R2 SP1 Microsoft Windows Server 2008 Standard Edition R2 Microsoft Windows Server 2008 Standard Edition Itanium Microsoft Windows Server 2008 Standard Edition Microsoft Windows Server 2008 Standard Edition - Sp2 Web Microsoft Windows Server 2008 Standard Edition - Sp2 Storage Microsoft Windows Server 2008 Standard Edition - Sp2 Hpc Microsoft Windows Server 2008 Standard Edition - Gold Web Microsoft Windows Server 2008 Standard Edition - Gold Storage Microsoft Windows Server 2008 Standard Edition - Gold Standard Microsoft Windows Server 2008 Standard Edition - Gold Itanium Microsoft Windows Server 2008 Standard Edition - Gold Hpc Microsoft Windows Server 2008 Standard Edition - Gold Enterprise Microsoft Windows Server 2008 Standard Edition - Gold Datacenter Microsoft Windows Server 2008 Standard Edition - Gold Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 Microsoft Windows Server 2008 R2 Standard Edition Microsoft Windows Server 2008 R2 Itanium SP1 Microsoft Windows Server 2008 R2 Itanium Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 Enterprise Edition Microsoft Windows Server 2008 R2 Datacenter SP1 Microsoft Windows Server 2008 R2 Datacenter Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems R2 Microsoft Windows Server 2008 for x64-based Systems Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems R2 Microsoft Windows Server 2008 for Itanium-based Systems Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems Microsoft Windows Server 2008 Enterprise Edition SP2 Microsoft Windows Server 2008 Enterprise Edition Release Candidate Microsoft Windows Server 2008 Enterprise Edition Microsoft Windows Server 2008 Datacenter Edition SP2 Microsoft Windows Server 2008 Datacenter Edition Release Candidate Microsoft Windows Server 2008 Datacenter Edition Microsoft Windows Server 2008 SP2 Beta Microsoft Windows Server 2008 - Sp2 Enterprise X64 Microsoft Windows Server 2008 R2 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems Microsoft Windows 7 for Itanium-based Systems SP1 Microsoft Windows 7 for Itanium-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for 32-bit Systems 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx |
id | SSV:20835 |
last seen | 2017-11-19 |
modified | 2011-08-10 |
published | 2011-08-10 |
reporter | Root |
title | Microsoft Windows数据访问组件DLL装载任意代码执行漏洞 |