PT-2010-5340 · Microsoft · Windows XP Professional +3
Published 2010-11-04 · Updated 2021-07-07
CVE-2010-4182
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Windows XP Professional version SP3
Microsoft Windows Server 2003 R2 Enterprise Edition version SP3
Microsoft Windows Vista Business version SP1
Microsoft Windows 7 Professional (affected versions not specified)
Description
The issue concerns an untrusted search path vulnerability in the Data Access Objects (DAO) library, specifically in the dao360.dll file. This vulnerability allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. The attack can be carried out via a Trojan horse msjet49.dll located in the same folder as a file processed by dao360.dll.
Recommendations
For Microsoft Windows XP Professional SP3, update to a newer version to mitigate the risk.
For Microsoft Windows Server 2003 R2 Enterprise Edition SP3, update to a newer version to mitigate the risk.
For Microsoft Windows Vista Business SP1, update to a newer version to mitigate the risk.
For Microsoft Windows 7 Professional, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
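A defender-side check for the condition the description names, as an added example that is not part of the original advisory: it walks a directory tree (for instance a file share or a downloads folder) and reports every `msjet49.dll` found outside the Windows system directories, with its SHA-256 and the files sitting beside it. Treating only `System32` and `SysWOW64` as trusted locations is an assumption, and the function and field names are illustrative.

```python
import hashlib
import os

PLANTED_NAME = "msjet49.dll"  # DLL name given in the description above


def default_trusted_dirs():
    """Assumption: only the Windows system directories are trusted DLL locations."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return [os.path.join(root, "System32"), os.path.join(root, "SysWOW64")]


def _is_under(path, parent):
    """True if path is parent itself or lies below it (case-normalised)."""
    path = os.path.normcase(os.path.abspath(path))
    parent = os.path.normcase(os.path.abspath(parent))
    return path == parent or path.startswith(parent + os.sep)


def find_planted_dlls(scan_root, trusted_dirs=None):
    """Return one finding per msjet49.dll located outside the trusted directories."""
    trusted = default_trusted_dirs() if trusted_dirs is None else trusted_dirs
    findings = []
    for folder, _subdirs, files in os.walk(scan_root):
        if any(_is_under(folder, t) for t in trusted):
            continue
        for name in files:
            if name.lower() != PLANTED_NAME:  # Windows file names are case-insensitive
                continue
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            # Sibling files are what a user might open from this same folder.
            siblings = sorted(f for f in files if f.lower() != PLANTED_NAME)
            findings.append({"path": full, "sha256": digest, "siblings": siblings})
    return findings


if __name__ == "__main__":
    import sys
    for hit in find_planted_dlls(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit["path"], hit["sha256"], "next to:", ", ".join(hit["siblings"]) or "(nothing)")
```

A finding is a triage lead rather than proof of compromise; the hash lets the file be compared against known-good or known-bad copies.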
Affected products
Windows 7 Professional
Windows Server 2003 R2 Enterprise Edition
Windows Vista Business
Windows XP Professional