Title

Microsoft Active Accessibility Remote Code Execution Vulnerability (Cat II impact)

Discussion

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-075 (2623699). Vulnerable Applications/Systems: Windows XP SP3 Windows XP Professional x64 SP2 Windows Server 2003 SP2 (x86, x64, Itanium) Windows Vista SP2 (x86, x64) Windows 2008 SP2 (x86*, x64*, Itanium) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64* and Itanium) *Server Core installation affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below . Oleacc.dll Windows XP SP3 - 7.0.2600.6153 Windows XP SP2 x64 - 7.0.3790.4909 Windows 2003 SP2- 7.0.3790.4909 Windows Vista / 2008 SP2 - 7.0.6002.18508 or 22706 Windows 7 / 2008 R2 – 7.0.0.0 Windows 7 SP1 / 2008 R2 SP1 – 7.0.0.0

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-30402

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.