Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4434

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2011-4434
Last Modified 15 Nov 2011 12:00:00
Published 11 Nov 2011 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-4434

Summary

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.

Vulnerable Systems

Operating System

  • Microsoft Windows 7

  • Microsoft Windows 7 -

  • Microsoft Windows Server 2008 R2


References

MSKB - 2532445


Last Updated: 27 May 2016 10:57:48