Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-059.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code by tricking a user into opening a Microsoft Excel file (.xlsx) located on a remote WebDAV or SMB share. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx

Insight

The flaws are due when the Windows Data Access Tracing component incorrectly restricts the path used for loading external libraries.

Affected

Microsoft Windows 7 Service Pack 1 and prior.

References

http://secunia.com/advisories/45246
http://support.microsoft.com/kb/2560656
http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
http://www.sophos.com/support/knowledgebase/article/113981.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1975
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
Cumulative Security Update for Internet Explorer (931768)
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)

Take action and discover your vulnerabilities