Security 10816 Published by

Microsoft updated the following security bulletin:

- MS11-025 - Important: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version:2.0



MS11-025 - Important: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version:2.0
Severity Rating: Important - Revision Note: V2.0 (April 21, 2011): Rereleased bulletin to reoffer the updates to address a detection issue. There were no changes to the security update files in this bulletin. Customers who have already successfully updated their systems do not need to reinstall this update.

Summary: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.
Read more