Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Windows vulnerability could allow remote code execution


Report ID: MS201201005
Date Published: 11 January 2012

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

A vulnerability involving ClickOnce, a deployment technology that facilitates the creation of self-updating Windows-based applications, could allow an attacker to execute arbitrary code and take control of an affected system.



Detailed Description

Microsoft has released a security update for Windows operating system, which addresses a vulnerability that exists when Windows Packager loads ClickOnce applications embedded in Microsoft Office files. An attacker may exploit the vulnerability by embedding ClickOnce application installers into Microsoft Office documents, and later execute code without user interaction.

This vulnerability issue has been resolved in the update by changing the way that Windows Packager checks for unsafe files. As a protection against potential exploit, users are recommended to install the latest security update for their system.



CVE Reference

CVE-2012-2013



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-005)




Online Virus Scanner

 
Run a quick online virus scan of your computer.