Home

CVE-2011-1975

Description

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka Data Access Components Insecure Library Loading Vulnerability.

Risk Information

Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
43.803

Associated Vulnerability

VulnerabilityOS Platform
ms11-059: vulnerability in data access components could allow remote code execution: august 9, 2011 for Windows 7 (KB2560656) x86 based systemsWindows
ms11-059: vulnerability in data access components could allow remote code execution: august 9, 2011 for Windows 7 (KB2560656) x86 based systems for SP1Windows
ms11-059: vulnerability in data access components could allow remote code execution: august 9, 2011 for Windows 7 for x64-based Systems (KB2560656)Windows
ms11-059: vulnerability in data access components could allow remote code execution: august 9, 2011 for Windows 7 for x64-based Systems (KB2560656) for SP1Windows
ms11-059: vulnerability in data access components could allow remote code execution: august 9, 2011 for Windows Server 2008 R2 x64 Edition (KB2560656)Windows
ms11-059: vulnerability in data access components could allow remote code execution: august 9, 2011 for Windows Server 2008 R2 x64 Edition (KB2560656) for SP1Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-10762Security Update for Windows 7 (KB2560656)
PATCH-10764Security Update for Windows 7 for x64-based Systems (KB2560656)
PATCH-10766Security Update for Windows Server 2008 R2 x64 Edition (KB2560656)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234