
ActiveX Kill Bits cumulative security update


Report ID: MS201112004
Date Published: 14 December 2011

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

A vulnerability in the Microsoft Time component could be exploited by an attacker to execute code and take control of an affected system.



Detailed Description

Microsoft has released a security update to address a remote code execution vulnerability in the Microsoft Time component. An attacker could exploit the vulnerability by getting a user to view a specially crafted web page in Internet Explorer (IE). The binary behavior used in IE may corrupt the system state in a way that could allow arbitrary code execution.

The update resolves this issue by setting the kill bit for the class identifiers hosted in the datime.dll library, which disables the binary behavior. Users are advised to install the latest update to protect their systems from potential exploitation.



CVE Reference

CVE-2011-3397



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-090


