Windows Object Packager vulnerability could allow remote code execution
Report ID: MS201201002
Date Published: 11 January 2012
Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote
Affected Product/Component:
Windows XP
Windows Server 2003
Summary
A vulnerability in Microsoft Windows, involving the way that Windows registers and uses Windows Object Packager, could lead to arbitrary code execution on an affected system.
Detailed Description
Microsoft has released a security update to address a vulnerability that exists due to the way that Windows registers and uses Windows Object Packager. Upon successful exploit, an attacker could be able to execute arbitrary code and take complete control of an affected system.
This vulnerability has been addressed in the latest update, which introduces a correction on the registry key associated with the Windows Object Packager. Users are recommended to patch their machine with this update as a protection against potential exploit.
CVE Reference
CVE-2012-0009
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-002)
