Executive Summary

Summary
Title Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
Informations
Name MS12-022 First vendor Publication 2012-03-13
Vendor Microsoft Last vendor Modification 2012-03-14
Severity (Vendor) Important Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.1 (March 14, 2012): Removed erroneous installation switch option descriptions from the Security Update Deployment tables for all supported releases. This is an informational change only. There were no changes to the detection logic or the update files.

Summary: This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Expression Design could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .xpr or .DESIGN file) from this location that is then loaded by a vulnerable application.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-022

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14973
 
Oval ID: oval:org.mitre.oval:def:14973
Title: Expression Design Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0016
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Expression Design 1
Microsoft Expression Design 2
Microsoft Expression Design 3
Microsoft Expression Design 4
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5

SAINT Exploits

Description Link
Microsoft Expression Design wintab32.dll Library Loading More info here

ExploitDB Exploits

id Description
2013-11-27 MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access

OpenVAS Exploits

Date Description
2012-03-14 Name : Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
File : nvt/secpod_ms12-022.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-03-15 IAVM : 2012-A-0038 - Microsoft Expression Design Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0031884

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Expression Design wintab32.dll dll-load exploit attempt
RuleID : 21567 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft Expression Design request for wintab32.dll over SMB attempt
RuleID : 21566 - Revision : 11 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2012-03-13 Name : The Microsoft Expression Design install on the remote Windows host could allo...
File : smb_nt_ms12-022.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2015-02-20 13:24:19
  • Multiple Updates
2015-02-18 13:22:34
  • Multiple Updates
2014-02-17 11:47:17
  • Multiple Updates
2014-01-19 21:30:48
  • Multiple Updates
2014-01-03 17:19:07
  • Multiple Updates
2013-12-01 21:18:44
  • Multiple Updates
2013-11-11 12:41:28
  • Multiple Updates