فا

‫ Microsoft Expression Design Insecure Library Loading Vulnerability

IRCAD2012031779
ID: IRCAD2012031779
Release Date: 2012-03-13
Criticality level: Highly critical
Software:
Microsoft Expression Design 1
Microsoft Expression Design 2
Microsoft Expression Design 3
Microsoft Expression Design 4
Description:
A vulnerability has been reported in Microsoft Expression Design, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading certain libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a .xpr or .DESIGN file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
Solution
Apply patches.
Remote Code Execution
Remote Code Execution
Remote Code Execution
Remote Code Execution
Remote Code Execution
References:
MS12-022 (KB2651018, KB2675064, KB2667724, KB2667725, KB2667727, KB2667730):
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 24 اسفند 1390

امتیاز

امتیاز شما
تعداد امتیازها: 0