Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows Shell vulnerability could allow remote code execution


Report ID: MS201207006
Date Published: 16 July 2012

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

A vulnerability involving Windows' handling of files and directory names could allow an attacker to execute code in the context of a logged-on user.



Detailed Description

Microsoft has released a security update to address a vulnerability in Microsoft Windows. The vulnerability was caused by improper handling of a specially crafted file or directory names, and upon successful exploit, it could allow the attacker to execute code in the context of a logged-on user.

The issue has been resolved by making necessary modification in the way that Windows handles files and directory names. Users are recommeded to install this update onto their system as a protection measure againsts potential exploit attempts.



CVE Reference

CVE-2012-0175



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-048)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.