Vulnerabilities in Microsoft Windows Components Can Allow Remote Code Execution
(Microsoft Security Bulletin MS11-071, CVE-2011-1991)
Summary
A remote code execution vulnerability has been reported in the way that certain Windows components handle the loading of DLL files. A remote attacker could exploit this issue to execute arbitrary code in an affected system. Check Point's IPS Software Blade protects networks against this vulnerability.
Details
This issue is an instance of the "insecure library loading" class of vulnerability, where an application passes an insufficiently qualified path to Windows when attempting to load a dynamic library. An attacker could convince a user to open a legitimate rich text file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a maliciously crafted dynamic link library (DLL) file. Successful exploitation of this vulnerability can allow an attacker to gain the same user rights as the local user and take control of the targeted system.
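The condition described above, a DLL sitting in the same directory as a .rtf, .txt or .doc file, can be audited on a file share. The following is an added example, not part of the original advisory or of any vendor tooling; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

DOC_EXTS = {".rtf", ".txt", ".doc"}  # document types named in the advisory

def looks_like_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable image."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: report it rather than silently skip it

def find_colocated_dlls(root):
    """Map each directory under root that holds both a document and a DLL
    to a (documents, dlls) pair of sorted file-name lists."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        docs = sorted(f for f in files
                      if os.path.splitext(f)[1].lower() in DOC_EXTS)
        dlls = sorted(f for f in files
                      if f.lower().endswith(".dll")
                      and looks_like_pe(os.path.join(dirpath, f)))
        if docs and dlls:
            findings[dirpath] = (docs, dlls)
    return findings

def build_sample_tree(root):
    """Constructed sample layout: one folder to flag, two benign ones."""
    layout = {
        "projects/q3/report.doc": b"constructed document",
        "projects/q3/helper.DLL": b"MZ" + b"\x00" * 62,  # constructed stub, not a real library
        "projects/notes/readme.txt": b"constructed text",
        "tools/bin/plugin.dll": b"MZ" + b"\x00" * 62,    # DLL with no document beside it
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample_tree(demo)
        for folder, (docs, dlls) in find_colocated_dlls(demo).items():
            print(f"{folder}: {dlls} next to {docs}")
```

To audit a real share, call `find_colocated_dlls` with its mounted path instead of the temporary sample tree.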
Affected Products
The following versions of Windows are affected by these issues:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems, original release and Service Pack 1
- Windows Server 2008 R2 for Itanium-based Systems, original release and Service Pack 1
Solution
The Check Point IPS Software Blade provides immediate network protection against this vulnerability in the latest IPS update by detecting and blocking the transferal of suspicious DLL files via SMB and WebDAV protocols. For more information, see CPAI-2011-407.
Originally Published:
Last Updated: 13-Sep-2011