Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows Shell vulnerabilities could allow remote code execution


Report ID: MS201211002
Date Published: 14 November 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012




Summary

Two vulnerabilities in the Briefcase feature in Windows could each be exploited by an attacker to execute arbitrary code on an affected system.



Detailed Description

Microsoft has released a security update following the report of two vulnerabilities found in the Briefcase feature in Windows. Briefcase is a feature that synchronizes the contents of two folders. The two vulnerabilities were caused by improper handling of a specially crafted briefcase, resulting in a condition that may allow an attacker to execute arbitrary code on the system.

Both vulnerabilities have been addressed through the latest security update, which introduces modification in the way that Windows handles a briefcase. Users are recommended to install this update to protect their system from potential exploit attempts.



CVE Reference

CVE-2012-1527, CVE-2012-1528



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-072)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.