CVE-2012-0175

Name of the Vulnerable Software and Affected Versions Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2 through R2 SP1 Microsoft Windows 7 versions Gold through SP1

Description A remote code execution issue exists in the way Windows handles file and directory names, allowing remote attackers to execute arbitrary code via a crafted name for a file or directory. This could enable an attacker to take complete control of an affected system if a user opens a file or directory with a specially crafted name, especially if the user is logged on with administrative user rights. The attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Windows XP versions SP2 through SP3, apply the relevant security update to resolve the issue. For Microsoft Windows Server 2003 version SP2, apply the relevant security update to resolve the issue. For Microsoft Windows Vista version SP2, apply the relevant security update to resolve the issue. For Microsoft Windows Server 2008 versions SP2 through R2 SP1, apply the relevant security update to resolve the issue. For Microsoft Windows 7 versions Gold through SP1, apply the relevant security update to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted file or directory names until a patch is available.