CVE-2011-1975 - Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008

CVSS: 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."

Per: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx
Access Vector: Network per "This is a remote code execution vulnerability"

Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part    Description    Count
OS      Microsoft      7

Msbulletin

bulletin_id: MS11-059
bulletin_url:
date: 2011-08-09T00:00:00
impact: Remote Code Execution
knowledgebase_id: 2560656
knowledgebase_url:
severity: Important
title: Vulnerability in Data Access Components Could Allow Remote Code Execution

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS11-059.NASL
description: The version of Microsoft Data Access Components (MDAC) installed on the remote Windows host is affected by a code execution vulnerability. By tricking a user into opening a legitimate Excel file that is in the same directory as a specially crafted library file, a remote, unauthenticated user could execute arbitrary code on the host subject to the privileges of the user running the affected application.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55789
published: 2011-08-09
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55789
title: MS11-059: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2560656)

Oval

accepted: 2011-09-26T04:00:18.564-04:00
class: vulnerability
contributors:
  name: Dragos Prisaca
  organization: Symantec Corporation
definition_extensions:
  • comment: Microsoft Windows 7 (32-bit) is installed
    oval: oval:org.mitre.oval:def:6165
  • comment: Microsoft Windows 7 x64 Edition is installed
    oval: oval:org.mitre.oval:def:5950
  • comment: Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval: oval:org.mitre.oval:def:6438
  • comment: Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval: oval:org.mitre.oval:def:5954
  • comment: Microsoft Windows 7 (32-bit) Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:12292
  • comment: Microsoft Windows 7 x64 Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:12627
  • comment: Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:12567
  • comment: Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
    oval: oval:org.mitre.oval:def:12583
description: Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
family: windows
id: oval:org.mitre.oval:def:12936
status: accepted
submitted: 2011-08-09T13:00:00
title: Data Access Components Insecure Library Loading Vulnerability
version: 72

Seebug

bulletinFamily: exploit
description: Bugtraq ID: 49026 CVE ID: CVE-2011-1975

Microsoft Windows is a popular operating system. The Windows Data Access Tracing component loads libraries insecurely; an attacker can trick a user into opening a Microsoft Excel (.xlsx) file on a remote WebDAV or SMB share, which can load an arbitrary library in the user's security context.

  • Microsoft Windows Server 2008 Standard Edition X64
  • Microsoft Windows Server 2008 Standard Edition SP2
  • Microsoft Windows Server 2008 Standard Edition Release Candidate
  • Microsoft Windows Server 2008 Standard Edition R2 SP1
  • Microsoft Windows Server 2008 Standard Edition R2
  • Microsoft Windows Server 2008 Standard Edition Itanium
  • Microsoft Windows Server 2008 Standard Edition
  • Microsoft Windows Server 2008 Standard Edition - Sp2 Web
  • Microsoft Windows Server 2008 Standard Edition - Sp2 Storage
  • Microsoft Windows Server 2008 Standard Edition - Sp2 Hpc
  • Microsoft Windows Server 2008 Standard Edition - Gold Web
  • Microsoft Windows Server 2008 Standard Edition - Gold Storage
  • Microsoft Windows Server 2008 Standard Edition - Gold Standard
  • Microsoft Windows Server 2008 Standard Edition - Gold Itanium
  • Microsoft Windows Server 2008 Standard Edition - Gold Hpc
  • Microsoft Windows Server 2008 Standard Edition - Gold Enterprise
  • Microsoft Windows Server 2008 Standard Edition - Gold Datacenter
  • Microsoft Windows Server 2008 Standard Edition - Gold
  • Microsoft Windows Server 2008 R2 x64 SP1
  • Microsoft Windows Server 2008 R2 x64
  • Microsoft Windows Server 2008 R2 Standard Edition
  • Microsoft Windows Server 2008 R2 Itanium SP1
  • Microsoft Windows Server 2008 R2 Itanium
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 R2 Enterprise Edition
  • Microsoft Windows Server 2008 R2 Datacenter SP1
  • Microsoft Windows Server 2008 R2 Datacenter
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems R2
  • Microsoft Windows Server 2008 for x64-based Systems
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems R2
  • Microsoft Windows Server 2008 for Itanium-based Systems
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for 32-bit Systems
  • Microsoft Windows Server 2008 Enterprise Edition SP2
  • Microsoft Windows Server 2008 Enterprise Edition Release Candidate
  • Microsoft Windows Server 2008 Enterprise Edition
  • Microsoft Windows Server 2008 Datacenter Edition SP2
  • Microsoft Windows Server 2008 Datacenter Edition Release Candidate
  • Microsoft Windows Server 2008 Datacenter Edition
  • Microsoft Windows Server 2008 SP2 Beta
  • Microsoft Windows Server 2008 - Sp2 Enterprise X64
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 7 for x64-based Systems
  • Microsoft Windows 7 for Itanium-based Systems SP1
  • Microsoft Windows 7 for Itanium-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for 32-bit Systems

Vendor solution: Users can refer to the following vendor security bulletin for patch information: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx
id: SSV:20835
last seen: 2017-11-19
modified: 2011-08-10
published: 2011-08-10
reporter: Root
title: Microsoft Windows Data Access Components DLL Loading Arbitrary Code Execution Vulnerability