Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-059.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code by tricking a user into opening a Microsoft Excel file (.xlsx) located on a remote WebDAV or SMB share. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx

Insight

The flaws are due when the Windows Data Access Tracing component incorrectly restricts the path used for loading external libraries.

Affected

Microsoft Windows 7 Service Pack 1 and prior.

References

http://secunia.com/advisories/45246
http://support.microsoft.com/kb/2560656
http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
http://www.sophos.com/support/knowledgebase/article/113981.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1975

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DirectShow Remote Code Execution Vulnerability (977935)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
Cumulative Security Update for Internet Explorer (931768)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)
Message Queuing Remote Code Execution Vulnerability (951071)

Take action and discover your vulnerabilities