Intrusion Prevention

MS.Windows.Insecure.Library.Loading.Code.Execution

Description

This indicates a possible attack against a remote code execution vulnerability in Microsoft Windows applications in the way the applications load external libraries.
When the vulnerable application loads a DLL file without specifying a fully qualified path name, Windows will try to locate the DLL by searching a defined set of directories which could lead to arbitrary code execution.

Affected Products

Microsoft Windows system with webclient service on

Impact

System compromise

Recommended Actions

Refer to the vendor's advisory:
http://www.microsoft.com/technet/security/advisory/2269637.mspx