CVE-2011-2016

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 7 Gold Microsoft Windows 7 SP1

Description A vulnerability exists in the way Windows Mail and Windows Meeting Space handle the loading of DLL files, allowing for remote code execution. This could enable an attacker to gain complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. The issue can be exploited by a local user via a Trojan horse DLL in the current working directory, for example, a directory containing a .eml or .wcinv file.

Recommendations For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 R2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 Gold, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk.