Summary
This host is missing a critical security update according to Microsoft Bulletin MS11-002.
Impact
Successful exploitation will allow the attacker to execute arbitrary code on the targeted system.
Impact Level: System/Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at the following link: http://www.microsoft.com/technet/security/Bulletin/MS11-002.mspx
Insight
The flaws are due to:
- A buffer overflow error in the Data Source Name (DSN) argument of an Open Database Connectivity (ODBC) API that may be used by third-party applications, which could allow attackers to execute arbitrary code by convincing a user to visit a specially crafted web page.
- A memory corruption error in the Microsoft Data Access Components (MDAC) when handling internal data structures, which could be exploited by remote attackers to execute arbitrary code via a specially crafted web page.
Affected
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
References
Severity
Classification
- CVE: CVE-2011-0026, CVE-2011-0027
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Microsoft Excel Remote Code Execution Vulnerabilities (968557)
- Buffer Overrun in Messenger Service (828035)
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371)