nvd-json-data-feeds/CVE-2011/CVE-2011-19xx/CVE-2011-1975.json

{
  "id": "CVE-2011-1975",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2011-08-10T21:55:01.923",
  "lastModified": "2020-09-28T12:58:30.503",
  "vulnStatus": "Modified",
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n'CWE-426: Untrusted Search Path'",
  "evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx\r\nAccess Vector: Network per \"This is a remote code execution vulnerability\"",
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka \"Data Access Components Insecure Library Loading Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en el componente Data Access Tracing de Windows Data Access Components (Windows DAC) v6.0 de Microsoft Windows 7 Gold y SP1 y Windows Server 2008 R2 y R2 SP1 permite a usuarios locales aumentar privilegios mediante un troyano DLL en el directorio de trabajo actaul, como se ha demostrado en un directorio que contiene un fichero Excel .xlsx. Tambi\u00e9n se conoce como \"Vulnerabilidad de carga insegura de biblioteca de Data Access Components\""
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
              "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html",
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ]
    },
    {
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-059",
      "source": "secure@microsoft.com"
    },
    {
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12936",
      "source": "secure@microsoft.com"
    }
  ]
}