Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0016

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-0016
Last Modified 06 Mar 2013 11:50:22
Published 13 Mar 2012 05:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0016

Summary

Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability."

Vulnerable Systems

Application

  • Microsoft Expression Design -

  • Microsoft Expression Design 2

  • Microsoft Expression Design 3

  • Microsoft Expression Design 4


References

MS - MS12-022

CERT - TA12-073A

Related Patches

MS12-022 Security Update for Expression Design 2 (KB2667725)

MS12-022 Security Update for Expression Design 1 Service Pack 1 (KB2667724)

MS12-022 Security Update for Expression Design 1 (KB2675064)

MS12-022 2651018 2667725 Security Update for Microsoft Expression Design 2 (All Languages) (See Note)


Last Updated: 27 May 2016 10:57:28