CVE-2011-1975

2011-08-1021:55:01

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

High

EPSS

0.837

Percentile

98.5%

JSON

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka “Data Access Components Insecure Library Loading Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_7Match-

microsoftwindows_7Match-sp1x64

microsoftwindows_7Match-sp1x86

microsoftwindows_server_2008Matchr2itanium

microsoftwindows_server_2008Matchr2x64

VendorProductVersionCPE
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:::::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:sp1:x64:::::*
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:sp1:x86:::::*
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2::itanium:::::
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2::x64:::::