

Vulnerability protection

Microsoft Active Accessibility vulnerability could allow remote code execution


Report ID: MS201110001
Date Published: 12 October 2011

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

A vulnerability in the Microsoft Active Accessibility component could allow a remote attacker to execute arbitrary code and take control of an affected system.



Detailed Description

Microsoft has issued a security update to address a remote code execution vulnerability reported in the Microsoft Active Accessibility component.

The vulnerability is caused by improper path restriction when loading external libraries. It may be exploited by tricking a user into opening a legitimate file located in the same directory as a specially crafted dynamic link library (DLL) file. When the user clicks to open the file, the Microsoft Active Accessibility component attempts to load the DLL file and executes any code it contains.

The security update resolves this issue by correcting the way Microsoft Active Accessibility loads external libraries. Users are advised to install the latest patch to protect their systems from potential exploitation.
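
The file layout described above, a document sitting in the same directory as a DLL, can be audited for on file shares and download folders. The following is an added example, not part of the original advisory; the extension lists and the folder and file names in the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: extensions treated as "files a user would open"; tune per environment.
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".rtf", ".txt"}
LIBRARY_EXTS = {".dll"}


def find_colocated_libraries(root):
    """Map each directory under root that holds both a document and a DLL
    to (sorted document names, sorted DLL names)."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        docs, libs = [], []
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()  # case-insensitive, as on Windows
            if ext in DOCUMENT_EXTS:
                docs.append(name)
            elif ext in LIBRARY_EXTS:
                libs.append(name)
        if docs and libs:  # only the combination matches the advisory's scenario
            findings[os.path.relpath(dirpath, root)] = (sorted(docs), sorted(libs))
    return findings


def build_sample_tree(root):
    """Constructed sample layout: empty placeholder files with hypothetical names."""
    layout = {
        "share/reports": ["q3-report.docx", "helper.DLL"],  # document + DLL: flagged
        "share/clean": ["notes.txt", "budget.xlsx"],        # documents only
        "apps/tool": ["tool.exe", "toolcore.dll"],          # program directory, no documents
    }
    for folder, names in layout.items():
        directory = Path(root, folder)
        directory.mkdir(parents=True)
        for name in names:
            (directory / name).touch()


def demo():
    """Build the sample tree in a temporary directory and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_colocated_libraries(root)


if __name__ == "__main__":
    for folder, (docs, libs) in demo().items():
        print(f"{folder}: DLL(s) {libs} beside document(s) {docs}")
```

A hit is a lead for review rather than proof of compromise, since some applications legitimately ship DLLs next to data files.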



CVE Reference

CVE-2011-1247



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-075



