Lucene search

K
cve[email protected]CVE-2011-4434
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4434

2022-10-0316:15:14
CWE-264
web.nvd.nist.gov
24
cve-2011-4434
microsoft
windows server 2008 r2
windows 7
sp1
applocker
access restrictions
macro
scripting
nvd

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.

Affected configurations

NVD
Node
microsoftwindows_7
OR
microsoftwindows_7Match-
OR
microsoftwindows_7Match-sp1x64
OR
microsoftwindows_7Match-sp1x86
OR
microsoftwindows_server_2008Matchr2
OR
microsoftwindows_server_2008Matchr2sp1

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

Related for CVE-2011-4434