Home / bulletins MS11-075 - Important : Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699) - Version: 1.2
Posted on 26 October 2011
ImportantSeverity Rating: Important
Revision Note: V1.2 (October 25, 2011): Revised the update file names for 32-bit and x64-based editions of Windows XP and Windows Server 2003, in accordance with the schema documented in Microsoft Knowledgebase Article KB816915. This is a change to file names only. There were no changes to the detection logic or update content. Customers who have already successfully installed this update do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.Other versions
- MS11-075 - Version: 1.0
- MS11-075 - Version: 1.1
- MS11-075 - Version: 1.2
