CVE-2011-0032 : Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1

Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."

Published 2011-03-09 23:00:02

Updated 2025-04-11 00:51:22

Source Microsoft Corporation

View at NVD, CVE.org

Products affected by CVE-2011-0032

Microsoft » Windows Vista » Update SP2
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » X32 Edition
cpe:2.3:o:microsoft:windows_vista:*:*:x32:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » X64 Edition
cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Vista » Update SP1
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 X64 Edition
cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1 X86 Edition
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1 X64 Edition
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Windows Media Center Tv Pack
cpe:2.3:a:microsoft:windows_media_center_tv_pack:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-0032

EPSS FAQ

43.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-0032

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2011-0032

http://www.securityfocus.com/bid/46682

Microsoft DirectShow DLL Loading Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/43626

Sign in

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0615

Webmail | OVH- OVH

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA11-067A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12506

Repository / Oval Repository
http://www.securitytracker.com/id?1025170

Microsoft DirectShow DLL Loading Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://osvdb.org/71015
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-015

Microsoft Security Bulletin MS11-015 - Critical | Microsoft Docs

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-0032

Products affected by CVE-2011-0032

Exploit prediction scoring system (EPSS) score for CVE-2011-0032

CVSS scores for CVE-2011-0032

References for CVE-2011-0032