CVE-2011-2009

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows 7 Gold and SP1 Windows Media Center TV Pack for Windows Vista

Description A remote code execution issue exists in the way Windows Media Center handles the loading of DLL files, allowing an attacker to take complete control of an affected system. This could enable the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Windows Vista SP2, update to a version that includes the fix for this issue. For Microsoft Windows 7 Gold and SP1, update to a version that includes the fix for this issue. For Windows Media Center TV Pack for Windows Vista, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the loading of DLL files from untrusted locations to minimize the risk of exploitation.