PT-2012-2239 · Microsoft · Office+1

Yorick Koster

Published

2012-01-10

Updated

2023-12-07

CVE-2012-0013

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description A remote code execution issue exists due to an incomplete blacklist vulnerability in the Windows Packager configuration. This allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files. The issue is related to the way Windows Packager loads ClickOnce applications embedded in Microsoft Office files.

Recommendations For Microsoft Windows versions prior to the fixed version, update to the latest version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-0013

Affected Products

Office

Windows

PT-2012-2239 · Microsoft · Office+1

CVE-2012-0013

Related Identifiers

Affected Products

References · 12