CVE-2011-0032

critical Microsoft
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
47.1%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: March 9, 2011 (5545 days ago)
Last Modified: April 29, 2026
Vendor: Microsoft
Source: NVD

Description

Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."

CWE

NVD-CWE-Other

Affected Products

microsoft windows 7microsoft windows server 2008microsoft windows vistamicrosoft windows media center tv pack

References

🔗 osvdb.org 🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov