en

‫ Microsoft Expression Design Insecure Library Loading Vulnerability

IRCAD2012031779
ID: IRCAD2012031779
Release Date: 2012-03-13
Criticality level: Highly critical
 
Software:
Microsoft Expression Design 1
Microsoft Expression Design 2
Microsoft Expression Design 3
Microsoft Expression Design 4
 
Description:
A vulnerability has been reported in Microsoft Expression Design, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading certain libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a .xpr or .DESIGN file located on a remote WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
 
Solution
Apply patches.
 
Remote Code Execution
Remote Code Execution
Remote Code Execution
Remote Code Execution
Remote Code Execution
 
References:
MS12-022 (KB2651018, KB2675064, KB2667724, KB2667725, KB2667727, KB2667730):
 
Secunia:
 
 

The Wall

No comments
You need to sign in to comment