Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » MS11-025

Overview

Id MS11-025
Name MS11-025 2500212 2538242 Security Update for VC++ 2005 Redist. Package (64Bit) (All Languages) (re-released 06/14/11)
Vendor Name microsoft
Product Windows 2K3SP1,Windows 2K3SP2,Windows 2K8SP1,Windows 2K8SP2,Windows VISTASP0,Windows VISTASP1,Windows VISTASP2,Windows 7SP0,Windows 7SP1,Windows XPSP1,Windows XPSP2
Content Type Critical - 01 Critical - 01
Language(s) ENGLISH 
Operating System(s) Windows 
Released On 14 Jun 2011 12:00:00

MS11-025

MS11-025 2500212 2538242 Security Update for VC++ 2005 Redist. Package (64Bit) (All Languages) (re-released 06/14/11)

Vendor Name

microsoft

Product

Windows 2K3SP1,Windows 2K3SP2,Windows 2K8SP1,Windows 2K8SP2,Windows VISTASP0,Windows VISTASP1,Windows VISTASP2,Windows 7SP0,Windows 7SP1,Windows XPSP1,Windows XPSP2

Released On

14 Jun 2011 12:00:00

Url

http://support.microsoft.com/kb/2500212

Description

This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.

Re-release Information:
Microsoft revised this bulletin on 06/14/2011 to address the following issues:

  • International customers with localized applications see certain parts of MFC application resources non-localized. The applications remain functional, but the resources display in English
  • The MFC security fix uses an API that is not supported on Microsoft Windows 2000. When deploying the update on Microsoft Windows 2000 systems, the installation resulted in functionality issues for some applications
  • The update did not install for users with Windows 7 SDK on x64-based architecture
  • Customers who have previously installed this update should install the new packages on the affected systems
  • Related Resources

    Related Vulnerabilities

    CVE-2010-3190  

    Related Patches

    Superseded Patches

    None


    Last Updated: 27 May 2016 11:15:29