Microsoft Windows DAO 3.6 Object Library Insecure Library Loading Vulnerability
Last Update Date:
28 Jan 2011
Release Date:
1 Nov 2010
6046
Views
RISK: Medium Risk
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to compromise a vulnerable system.
The vulnerability is caused due to the Data Access Objects library (dao360.dll) loading libraries (e.g. msjet49.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share via an application using the library.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Windows 7
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Storage Server 2003
- Microsoft Windows Vista
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
Solutions
Do not open untrusted files.
Vulnerability Identifier
- No CVE information is available
Source
Share with