CVE-2012-0009

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP2

Description The issue allows local users to gain privileges via a Trojan horse executable file in the current working directory. A remote code execution vulnerability exists in the way that Windows registers and uses the Windows Object Packager, which could allow an attacker to take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows XP SP2 and SP3, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the Windows Object Packager until a patch is available.