Home / bulletins MS11-025 - Important: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version:3.0
Posted on 14 June 2011
There is an newer version: MS11-025 - Version: 4.3
ImportantSeverity Rating: Important - Revision Note: V3.0 (June 14, 2011): Reoffered the update for Microsoft Visual Studio 2005 Service Pack 1, Microsoft Visual Studio 2008 Service Pack 1, Microsoft Visual Studio 2010, Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package, and Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package. Customers who have previously installed this update should install the new packages on the affected systems.Summary: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.
Other versions
- MS11-025 - Version: 1.1
- MS11-025 - Version: 2.0
- MS11-025 - Version: 2.1
- MS11-025 - Version: 3.0
- MS11-025 - Version: 4.0
- MS11-025 - Version: 4.1
- MS11-025 - Version: 4.2
- MS11-025 - Version: 4.3
