Lucene search

K
cve[email protected]CVE-2011-4434
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4434

2022-10-0316:15:14
CWE-264
web.nvd.nist.gov
24
cve-2011-4434
microsoft
windows server 2008 r2
windows 7
sp1
applocker
access restrictions
macro
scripting
nvd

6.1 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

23.7%

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.

Affected configurations

NVD
Node
microsoftwindows_7
OR
microsoftwindows_7Match-
OR
microsoftwindows_7Match-sp1x64
OR
microsoftwindows_7Match-sp1x86
OR
microsoftwindows_server_2008Matchr2
OR
microsoftwindows_server_2008Matchr2sp1

6.1 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

23.7%

Related for CVE-2011-4434