CVE-2011-0107
Published: 2011-04-13
Priority P344 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 11.11% (95.4th percentile)
Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| attachmate | reflection_for_hp | — | — |
| attachmate | reflection_for_hp | — | — |
| attachmate | reflection_for_ibm | — | — |
| attachmate | reflection_for_ibm | — | — |
| attachmate | reflection_for_regis_graphics_server | — | — |
| attachmate | reflection_for_regis_graphics_server | — | — |
| attachmate | reflection_for_unix_and_openvms | — | — |
| attachmate | reflection_for_unix_and_openvms | — | — |
| attachmate | reflection_x | — | — |
| attachmate | reflection_x | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 4.9 · MEDIUM
GHSA
GHSA-2x9r-7w9v-hwjw: Untrusted search path vulnerability in Attachmate Reflection before 14
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2011-5157 [CRITICAL] GHSA-2x9r-7w9v-hwjw: Untrusted search path vulnerability in Attachmate Reflection before 14
Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-vf94-hmfp-f8r7: Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Troja
ghsa_unreviewed·2022-05-14
CVE-2011-0107 [HIGH] GHSA-vf94-hmfp-f8r7: Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Troja
Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
Red Hat
kernel: jbd2: unmapped buffer with _Unwritten or _Delay flags set can lead to DoS
vendor_redhat·2012-01-25·CVSS 4.9
CVE-2011-4086 [MEDIUM] kernel: jbd2: unmapped buffer with _Unwritten or _Delay flags set can lead to DoS
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
Statement: This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2012-0571.html, and https://rhn.redhat.com/errata/RHSA-2012-0670.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, theref
Red Hat
kernel: possible privilege escalation via SG_IO ioctl
vendor_redhat·2011-12-22·CVSS 4.6
CVE-2011-4127 [MEDIUM] CWE-284 kernel: possible privilege escalation via SG_IO ioctl
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
Statement: This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2011-1849.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/upda
Red Hat
kernel: ext4: ext4_ext_insert_extent() kernel oops
vendor_redhat·2011-09-28·CVSS 4.0
CVE-2011-3638 [MEDIUM] kernel: ext4: ext4_ext_insert_extent() kernel oops
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for EXT4 filesystem. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit 667eff35 that addressed this issue. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2012-0107.html and https://rhn.redhat.com/errata/RHSA-2011-1530.html.
Package: kern
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/71767
http://secunia.com/advisories/44015
http://www.fortiguard.com/advisory/FGA-2011-13.html
http://www.securityfocus.com/bid/47246
http://www.securitytracker.com/id?1025343
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://www.vupen.com/english/advisories/2011/0942
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-023
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12655