Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0013

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-0013
Last Modified 06 Mar 2013 11:50:21
Published 10 Jan 2012 04:55:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0013

Summary

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7 -

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Vista

  • Microsoft Windows Xp


References

MS - MS12-005

SECTRACK - 1026497

BID - 51284

SECUNIA - 47480

CERT - TA12-010A

Related Patches

MS12-005 Security Update for Windows 7 (KB2584146)

MS12-005 Security Update for Windows Server 2003 (KB2584146)

MS12-005 Security Update for Windows Vista (KB2584146)

MS12-005 Security Update for Windows XP (KB2584146)

MS12-005 Security Update for Windows Server 2008 (KB2584146)

MS12-005 Security Update for Windows Server 2008 x64 (KB2584146)

MS12-005 Security Update for Windows Server 2008 R2 x64 (KB2584146)

MS12-005 Security Update for Windows Server 2003 x64 (KB2584146)

MS12-005 Security Update for Windows Vista x64 (KB2584146)

MS12-005 Security Update for Windows 7 x64 (KB2584146)


Last Updated: 27 May 2016 10:57:19