Lucene search
Immunity CanvasMS12_005HistoryJan 10, 2012 - 9:55 p.m.
Immunity Canvas: MS12_005
2012-01-1021:55:00
Immunity Canvas
exploitlist.immunityinc.com
33
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
| Name | ms12_005 |
|---|---|
| CVE | CVE-2012-0013 Exploit Pack |
| Notes: The issue we exploit here was fixed silently alongside the ClickOnce issues in the MS12-005 patch but allows for a much cleaner exploitation primitive. To use this exploit, prepare a PPTX using this module by embedding a desired executable (PE .EXE), then save the resulting patched PPTX as a PPS (97-2003 powerpoint show) using MS Office 2010. This PPS may be served to vulnerable MS Office 2007-2010 installations on Windows Vista and 7 and will execute the embedded executable without further user interaction on opening of the PPS. | |
| VENDOR: Microsoft | |
| CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0013 | |
| CVE Name: CVE-2012-0013 |
Related
prion
prion
Design/Logic Flaw
2012-01-10 21:55:00
exploitpack
exploitpack
Microsoft Windows - Assembly Execution (MS12-005)
2012-01-14 00:00:00
seebug
seebug
Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability(MS12-005)
2012-06-11 00:00:00
Microsoft Windows Assembly Execution Vulnerability MS12-005
2014-07-01 00:00:00
saint
saint
Microsoft Office ClickOnce Unsafe Execution
2012-01-16 00:00:00
Microsoft Office ClickOnce Unsafe Execution
2012-01-16 00:00:00
Microsoft Office ClickOnce Unsafe Execution
2012-01-16 00:00:00
nessus
nessus
packetstorm
packetstorm
checkpoint_advisories
checkpoint_advisories
openvas
openvas
cvelist
cvelist
CVE-2012-0013
2012-01-10 21:00:00
metasploit
metasploit
securityvulns
securityvulns
Office arbitrary ClickOnce application execution vulnerability
2012-01-21 00:00:00
Microsoft Windows multiple security vulnerabilities
2012-01-21 00:00:00
cve
cve
CVE-2012-0013
2012-01-10 21:55:00
exploitdb
exploitdb
Microsoft Windows - Assembly Execution (MS12-005)
2012-01-14 00:00:00
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Related for MS12_005