Windows Mail and Windows Meeting Space vulnerability could allow remote code execution
Report ID: MS201111003
Date Published: 10 November 2011
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Summary
A vulnerability in Windows Mail and Windows Meeting Space, involving the loading of DLL files, could allow an attacker to execute arbitrary code from a remote location.
Detailed Description
Microsoft has issued a security update that addresses a vulnerability in Windows Mail and Windows Meeting Space. The vulnerability exists when the path used for loading external libraries is not properly restricted. Upon successful exploit, a remote attacker could execute arbitrary code and take control of the affected system.
The latest security update introduces correction on the way that Windows Mail and Windows Meeting Space load external libraries. As a protection against potential exploit, users are recommended to install this latest upate.
CVE Reference
CVE-2011-2016
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-085)
