CVE-2011-4434

Description

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.

Related CPE's

omicrosoftwindows_server_2008r2*******

omicrosoftwindows_7-sp1x86*****

omicrosoftwindows_7-*******

omicrosoftwindows_7********

omicrosoftwindows_server_2008r2sp1******

omicrosoftwindows_7-sp1x64*****

References

2532445

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:N/I:P/A:P

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

3.5999999046325684

Created by Yello
About Severity.io