Intrusion Prevention



This indicates a possible attack against a remote code execution vulnerability in Microsoft Windows applications in the way the applications load external libraries.
When the vulnerable application loads a DLL file without specifying a fully qualified path name, Windows will try to locate the DLL by searching a defined set of directories which could lead to arbitrary code execution.

Affected Products

Microsoft Windows system with webclient service on


System compromise

Recommended Actions

Refer to the vendor's advisory: