Oval Definition:oval:org.mitre.oval:def:13116
Revision Date:2011-11-28Version:45
Title:Active Accessibility Insecure Library Loading Vulnerability
Description:Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2011-1247
Platform(s):Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Vulnerable Microsoft Windows XP x64/ SP2, x86 SP3, Server 2003 x86/x64/ia64 SP2. After the patch was applied the file version did not match with the Microsoft KB article - 7.0.3790.4909.
  • Windows XP x64/ SP2, x86 SP3, Server 2003 x86/x64/ia64 SP2
  • Microsoft Windows XP (x86) SP3 is installed
  • OR Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND the version of Oleacc.dll is less than 7.0.2600.6153
  • OR Vulnerable Windows Vista x86/x64 SP2, Server 2008 x86/64/ia64 SP2
  • Windows Vista x86/x64 SP2, Server 2008 x86/64/ia64 SP2
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND GDR or LDR Service branch
  • the version of Oleacc.dll is less than 7.0.6002.18508
  • OR LDR
  • the version of Oleacc.dll is less than 7.0.6002.22706
  • AND the version of Oleacc.dll is greater than or equal to 7.0.6002.22000
  • OR Vulnerable Windows 7 x86/x64, Windows 2008 R2 x64/ia64
  • Microsoft Windows 7 32-bit/x64, Server 2008 R2 x64/Itanium
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND GDR or LDR Service branch
  • The version of Oleaut32.dll is less than 6.1.7600.16872
  • OR LDR
  • The version of Oleaut32.dll is greater than or equal to 6.1.7600.21000
  • AND The version of Oleaut32.dll is less than 6.1.7600.21036
  • OR Vulnerable Microsoft Windows 7 x86/x64 SP1, Windows Server 2008 R2 x64 SP1
  • Vulnerable Microsoft Windows 7 x86/x64 SP1, Windows Server 2008 R2 x64 SP1
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND GDR or LDR Service branch
  • the version of Oleaut32.dll is less than 6.1.7601.17676
  • OR LDR
  • The version of Oleaut32.dll is greater than or equal to 6.1.7601.21000
  • AND the version of Oleaut32.dll is less than 6.1.7601.21802
    • BACK