Andy Cooper

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer 9 versions on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 **Description** The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. A remote code execution vulnerability exists in the way that Internet Explorer handles the loading of DLL files. An attacker who successfully exploited this issue could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1, consider restricting the loading of DLL files from untrusted directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.