CVE-2011-1975 — Microsoft Windows Server 2008 vulnerability

2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

43.8%

top 2.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008

Timeline

PublishedAug 10

Latest updateMay 13

Description

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-5r5x-2r9f-h4ph: Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6↗2022-05-13

▶