{
  "id": "CVE-2011-2019",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2011-12-14T00:55:01.323",
  "lastModified": "2024-11-21T01:27:29.583",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka \"Internet Explorer Insecure Library Loading Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en Microsoft Internet Explorer v9 en Windows Server 2008 R2 y R2 SP1 y Windows 7 Gold y SP1 permite a usuarios locales conseguir privilegios a trav\u00e9s de un DLL troyano en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo HTML. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad de carga de librer\u00eda insegura en Internet Explorer Biblioteca\"."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "baseScore": 9.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:-:*:*:*:*:*:*",
              "matchCriteriaId": "A9408620-06A8-4A3C-97C8-41A688282E3D"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html",
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    },
    {
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099",
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13884",
      "source": "secure@microsoft.com",
      "tags": [
        "Tool Signature"
      ]
    },
    {
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    },
    {
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-099",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13884",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Tool Signature"
      ]
    }
  ],
  "evaluatorComment": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms11-099\n\n'FAQ for Internet Explorer Insecure Library Loading Vulnerability - CVE-2011-2019\n\nWhat is the scope of the vulnerability? \nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.'"
}