MS11-075  MS11-075 - Important : Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) - Version: 1.2

Version2011-10-25 Severity Rating: Important Revision Note: V1.2 (October 25, 2011): Revised the update file names for 32-bit and x64-based editions of Windows XP and Windows Server 2003, in accordance with the schema documented in Microsoft Knowledgebase Article KB816915. This is a change to file names only. There were no changes to the detection logic or update content. Customers who have already successfully installed this update do not need to take any action. Summary: This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be
Bulletin details at Microsoft.com

Related CVE Entries

CVE-2011-1247

Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
Max CVSS
9.3
EPSS Score
0.18%
Published
2011-10-12
Updated
2023-12-07
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close