Executive Summary

Summary
TitleVulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)
Informations
NameMS11-085First vendor Publication2011-11-08
VendorMicrosoftLast vendor Modification2011-11-08
Severity (Vendor) ImportantRevision 1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important

Revision Note: V1.0 (November 8, 2011): Bulletin published.

Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS11-085

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14028
 
Oval ID: oval:org.mitre.oval:def:14028
Title: Windows Mail Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2016
Version: 7
Platform(s): Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3
Os7
Os2

OpenVAS Exploits

DateDescription
2011-11-09Name : Windows Mail and Windows Meeting Space Remote Code Execution Vulnerability (2...
File : nvt/secpod_ms11-085.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
76901Microsoft Windows Mail / Windows Meeting Space Path Subversion Arbitrary DLL ...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2011-11-10IAVM : 2011-B-0135 - Microsoft Windows Mail and Windows Meeting Space Remote Code Execution Vulner...
Severity : Category II - VMSKEY : V0030608

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Windows Address Book wab32res.dll dll-load exploit attempt
RuleID : 20542 - Revision : 3 - Type : WEB-CLIENT
2014-01-10Microsoft Windows Address Book wab32res.dll dll-load exploit attempt
RuleID : 20541 - Revision : 3 - Type : NETBIOS
2014-01-10Microsoft Windows Address Book request for msoeres32.dll over SMB attempt
RuleID : 18207 - Revision : 16 - Type : OS-WINDOWS
2014-01-10Microsoft Windows Address Book request for wab32res.dll over SMB attempt
RuleID : 18206 - Revision : 17 - Type : OS-WINDOWS
2014-01-10Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt
RuleID : 18205 - Revision : 16 - Type : OS-WINDOWS
2014-01-10Microsoft Windows Address Book wab32res.dll dll-load exploit attempt
RuleID : 18204 - Revision : 17 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

DateDescription
2011-11-08Name : The remote Windows host is affected by a remote code execution vulnerability.
File : smb_nt_ms11-085.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2016-04-26 23:05:06
  • Multiple Updates
2014-02-17 11:47:09
  • Multiple Updates
2014-01-19 21:30:45
  • Multiple Updates
2013-11-11 12:41:25
  • Multiple Updates