

Vulnerability protection

C run-time library vulnerability could allow remote code execution


Report ID: MS201202006
Date Published: 15 February 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

A vulnerability involving the C run-time library could allow an attacker to execute code in the context of a local user.



Detailed Description

Microsoft has issued a security update to address a critical vulnerability involving the C run-time library. The vulnerability occurs when msvcrt.dll, a multithreaded C run-time dynamic link library, miscalculates the size of a buffer. This condition allows data to be copied into improperly allocated memory. If successfully exploited, the vulnerability could allow an attacker to execute code in the context of a local user.

The update fixes this issue by modifying the way that msvcrt.dll calculates the size of data structures in memory. Users are advised to install this update to protect their systems from potential exploitation.



CVE Reference

CVE-2012-0150



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-013


