MS11-075: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
High Nessus Plugin ID 56449
SynopsisThe remote Windows host contains a component that could allow remote code execution.
DescriptionThe remote Windows host contains a version of the Microsoft Active Accessibility component that fails to properly restrict the path used for loading external libraries.
If an attacker can trick a user into opening a file that resides in the same directory as a specially crafted DLL file, he can leverage this issue to execute arbitrary code in that DLL file subject to the user's privileges.
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.