CVE-2011-4434
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
23.8%
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_server_2008 | r2 | cpe:/o:microsoft:windows_server_2008:r2::: |
| microsoft | windows_7 | cpe:/o:microsoft:windows_7:::: | |
| microsoft | windows_server_2008 | r2 | cpe:/o:microsoft:windows_server_2008:r2:sp1:: |
| microsoft | windows_7 | - | cpe:/o:microsoft:windows_7:-:sp1:: |
| microsoft | windows_7 | - | cpe:/o:microsoft:windows_7:-::: |
References
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
23.8%