A vulnerability in Microsoft Active Accessibility component could allow a remote attacker to execute arbitrary code and take control of an affected system.

Microsoft has issued a security update to address a remote code execution vulnerability reported in the Microsoft Active Accessibility component.

The vulnerability is caused by improper path restriction when loading external libraries. It may be exploited by tricking a user into opening a legitimate file located in the same directory as a specially crafted dynamic link library (DLL) file. When the user click to open the file, the Microsoft Active Accessibility component would attempt to load the DLL file and execute any code it contains.

The security update resolves this issue by correcting the way Microsoft Active Accessibility loads external libraries. Users are recommended to install the latest patch to protect their system from potential exploit.

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-075)

Microsoft Security Bulletin MS11-075 (https://technet.microsoft.com/en-us/security/bulletin/ms11-075)