11.327.2011 - MS11-025 - Important : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version: 4.1

Severity Rating: Important Revision Note: V4.1 (November 23, 2011): Corrected the installation switches and switch tables for Microsoft Visual C++ 2010 Redistributable Package and Microsoft Visual C++ 2010 Redistributable Package Service Pack 1. This is an informational change only. Summary: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application. - View Microsoft Security Bulletin MS11-025 - View Microsoft Knowledge Base Article - on: 4. - Visit Microsoft Corporation