Oval Definition:oval:org.mitre.oval:def:12936
Revision Date:2011-09-26Version:44
Title:Data Access Components Insecure Library Loading Vulnerability
Description:Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-1975
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis
  • Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium
  • Windows 7 x86/x64, Windows Server 2008 R2 x64/Itanium
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND GDR or LDR Service branch
  • Odbccp32.dll version is less than 6.1.7600.16833
  • OR LDR
  • Odbccp32.dll version is greater than or equal 6.1.7600.20000
  • AND Odbccp32.dll version is less than 6.1.7600.20987
  • OR Vulnerable Microsoft Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x64/Itanium SP1/SP1
  • Windows 7 x86/x64 sp1/sp1, Windows Server 2008 R2 x64/Itanium SP1/SP1
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND GDR or LDR Service branch
  • Odbccp32.dll version is less than 6.1.7601.17632
  • OR LDR
  • Odbccp32.dll version is greater than or equal 6.1.7601.21000
  • AND Odbccp32.dll version is less than 6.1.7601.21747
    • BACK