Home / bulletins MS11-075 - Important : Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) - Version: 1.1
Posted on 13 October 2011
There is an newer version: MS11-075 - Version: 1.2
ImportantSeverity Rating: Important
Revision Note: V1.1 (October 12, 2011): Corrected the bulletin replacement information for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This is an informational change only. There were no changes to the detection logic or the update files.
Summary: This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.Other versions
- MS11-075 - Version: 1.0
- MS11-075 - Version: 1.1
- MS11-075 - Version: 1.2
