CVE-2012-0016

Name of the Vulnerable Software and Affected Versions Microsoft Expression Design versions prior to SP1 Microsoft Expression Design 2 Microsoft Expression Design 3 Microsoft Expression Design 4

Description The issue allows local users to gain privileges via a Trojan horse DLL in the current working directory. This can be demonstrated by a directory that contains a .xpr or .DESIGN file.

Recommendations For Microsoft Expression Design prior to SP1, update to SP1 or a later version to resolve the issue. For Microsoft Expression Design 2, 3, and 4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.