Microsoft Windows数据访问组件DLL装载任意代码执行漏洞

Bugtraq ID: 49026 CVE ID：CVE-2011-1975 Microsoft Windows是一款流行的操作系统。 Window数据访问跟踪组件不安全装载库，攻击者可以诱使用户在远程WebDAV或SMB共享上打开Microsoft Excel(.xlsx) 文件，可以以用户安全上下文装载任意库。 Microsoft Windows Server 2008 Standard Edition X64 Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition Release Candidate Microsoft Windows Server 2008 Standard Edition R2 SP1 Microsoft Windows Server 2008 Standard Edition R2 Microsoft Windows Server 2008 Standard Edition Itanium Microsoft Windows Server 2008 Standard Edition Microsoft Windows Server 2008 Standard Edition - Sp2 Web Microsoft Windows Server 2008 Standard Edition - Sp2 Storage Microsoft Windows Server 2008 Standard Edition - Sp2 Hpc Microsoft Windows Server 2008 Standard Edition - Gold Web Microsoft Windows Server 2008 Standard Edition - Gold Storage Microsoft Windows Server 2008 Standard Edition - Gold Standard Microsoft Windows Server 2008 Standard Edition - Gold Itanium Microsoft Windows Server 2008 Standard Edition - Gold Hpc Microsoft Windows Server 2008 Standard Edition - Gold Enterprise Microsoft Windows Server 2008 Standard Edition - Gold Datacenter Microsoft Windows Server 2008 Standard Edition - Gold Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 Microsoft Windows Server 2008 R2 Standard Edition Microsoft Windows Server 2008 R2 Itanium SP1 Microsoft Windows Server 2008 R2 Itanium Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 Enterprise Edition Microsoft Windows Server 2008 R2 Datacenter SP1 Microsoft Windows Server 2008 R2 Datacenter Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems R2 Microsoft Windows Server 2008 for x64-based Systems Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems R2 Microsoft Windows Server 2008 for Itanium-based Systems Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems Microsoft Windows Server 2008 Enterprise Edition SP2 Microsoft Windows Server 2008 Enterprise Edition Release Candidate Microsoft Windows Server 2008 Enterprise Edition Microsoft Windows Server 2008 Datacenter Edition SP2 Microsoft Windows Server 2008 Datacenter Edition Release Candidate Microsoft Windows Server 2008 Datacenter Edition Microsoft Windows Server 2008 SP2 Beta Microsoft Windows Server 2008 - Sp2 Enterprise X64 Microsoft Windows Server 2008 R2 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems Microsoft Windows 7 for Itanium-based Systems SP1 Microsoft Windows 7 for Itanium-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for 32-bit Systems 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息： http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx