vulnerability announce CVE-2011-1975
Microsoft DAC, Excel: code execution via DLL Preload
Synthesis of the vulnerability
An attacker can use a malicious DLL in order to execute code in Data Access Components, when an Excel file is opened.Impacted products: Office
, Windows 2008
, Windows 7
2560656, BID-49026, CVE-2011-1975, MS11-059, VIGILANCE-VUL-10897.
Description of the vulnerability
Microsoft Windows Data Access Components offer database features.
The Microsoft Excel program loads a DLL library via Windows DAC 6.0 when it starts.
However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.
An attacker can therefore use a malicious DLL in order to execute code in Data Access Components, when an Excel file is opened.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a software vulnerability alert
. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.