CVE-2011-1975

Name of the Vulnerable Software and Affected Versions Microsoft Windows Data Access Components (Windows DAC) 6.0 versions in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. A remote code execution vulnerability exists in the way that the Windows Data Access Tracing component handles the loading of DLL files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows 7 Gold and SP1, update to a version that includes the fix for this issue. For Windows Server 2008 R2 and R2 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the loading of DLL files from untrusted directories to minimize the risk of exploitation.