Microsoft Windows vulnerability could allow remote code execution
Report ID: MS201201005
Date Published: 11 January 2012
Compromise Type: remote-code-execution
Compromise From: remote
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
A vulnerability involving ClickOnce, a deployment technology that facilitates the creation of self-updating Windows-based applications, could allow an attacker to execute arbitrary code and take control of an affected system.
Microsoft has released a security update for Windows operating system, which addresses a vulnerability that exists when Windows Packager loads ClickOnce applications embedded in Microsoft Office files. An attacker may exploit the vulnerability by embedding ClickOnce application installers into Microsoft Office documents, and later execute code without user interaction.
This vulnerability issue has been resolved in the update by changing the way that Windows Packager checks for unsafe files. As a protection against potential exploit, users are recommended to install the latest security update for their system.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-005)