9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Name | ms12_005 |
---|---|
CVE | CVE-2012-0013 Exploit Pack |
Notes: The issue we exploit here was fixed silently alongside the ClickOnce issues in the MS12-005 patch but allows for a much cleaner exploitation primitive. To use this exploit, prepare a PPTX using this module by embedding a desired executable (PE .EXE), then save the resulting patched PPTX as a PPS (97-2003 powerpoint show) using MS Office 2010. This PPS may be served to vulnerable MS Office 2007-2010 installations on Windows Vista and 7 and will execute the embedded executable without further user interaction on opening of the PPS. | |
VENDOR: Microsoft | |
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0013 | |
CVE Name: CVE-2012-0013 |