CVE-2011-0038

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 8

Description The issue allows local users to gain privileges via a Trojan horse IEShims.dll in the current working directory. A remote code execution vulnerability exists in the way that Internet Explorer handles the loading of DLL files. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of an affected system, then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Internet Explorer version 8, as a temporary workaround, consider restricting the loading of DLL files from untrusted locations to minimize the risk of exploitation. Avoid using the current working directory to load DLL files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.