An error occurred:

Check: 2011-B-0101

windows 7 iavm: 2011-B-0101 (in version v1 r32)

Title

Microsoft Windows Data Access Components Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in Windows Data Access Components (DAC). Windows Data Access Components are a set of technologies included Microsoft ActiveX Data Objects (ADO), OLE DB, and Microsoft Open Database Connectivity (ODBC) to provide access to information across the enterprise. To exploit this vulnerability, an attacker would entice a user to open a legitimate Excel file that is located in the same network directory as a malicious dynamic link library (DLL) file. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Data Access Components Insecure Library Loading Vulnerability - (CVE-2011-1975): A remote code execution vulnerability exists in the way that the Windows Data Access Tracing component handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-059 (2560656). Vulnerable Applications/Systems: Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64* and Itanium) *Server Core installation affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Msdaosp.dll Windows 7 / 2008 R2 – 6.1.7600.16833 or 20987 Windows 7 SP1 / 2008 R2 SP1 – 6.1.7601.17632 or 21747

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-29783

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check