Vulnerabilities > CVE-2011-2009 - Unspecified vulnerability in Microsoft products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus
NVD
Published: 2011-10-12
Updated: 2023-12-07

Summary

Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."

Vulnerable Configurations

Part Description Count
OS
Microsoft
6
Application
Microsoft
1

Msbulletin

bulletin_idMS11-076
bulletin_url
date2011-10-11T00:00:00
impactRemote Code Execution
knowledgebase_id2604926
knowledgebase_url
severityImportant
titleVulnerability in Windows Media Center Could Allow Remote Code Execution

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS11-076.NASL
descriptionThe remote Windows host contains a version of Windows Media Center that fails to properly restrict the path used for loading external libraries. If an attacker can trick a user into opening a file that resides in the same directory as a specially crafted DLL file, he can leverage this issue to execute arbitrary code in that DLL file subject to the user
last seen2020-06-01
modified2020-06-02
plugin id56450
published2011-10-11
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/56450
titleMS11-076: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

Oval

accepted2011-11-28T04:00:17.791-05:00
classvulnerability
contributors
nameDragos Prisaca
organizationSymantec Corporation
definition_extensions
  • commentMicrosoft Windows Vista (32-bit) Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6124
  • commentMicrosoft Windows Vista x64 Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:5594
  • commentMicrosoft Windows 7 (32-bit) is installed
    ovaloval:org.mitre.oval:def:6165
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows 7 (32-bit) Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:12292
  • commentMicrosoft Windows 7 x64 Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:12627
descriptionUntrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."
familywindows
idoval:org.mitre.oval:def:12934
statusaccepted
submitted2011-10-11T13:00:00
titleMedia Center Insecure Library Loading Vulnerability
version71

References