CVE-2012-1537

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to Windows 8.1 and Windows Server 2012 R2

Description A remote code execution issue exists in the way DirectPlay handles specially crafted content. This could allow remote code execution if an attacker convinces a user to view a specially crafted Office document with embedded content. An attacker who successfully exploits this issue could take complete control of an affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations For Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012, update to a newer version of Windows to resolve the issue. For Windows 8 and Windows Server 2012, ensure that all security updates are applied to mitigate the risk of exploitation. As a temporary workaround, consider restricting the use of DirectPlay to minimize the risk of exploitation.