MS11-025 - Important : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote


Extraordinary Robot
News Feed
Severity Rating: Important
Revision Note: V4.0 (August 9, 2011): Added Microsoft Visual Studio 2010 Service Pack 1 (KB2565057) and Microsoft Visual C++ 2010 Redistributable Package Service Pack 1 (KB2565063) as Affected Software. See the update FAQ for details. Also corrected the file verification information for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package, Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package, and Microsoft Visual C++ 2010 Redistributable Package.
Summary: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application.


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.