CVE-2012-1527

2012-11-14T00:55:00
ID CVE-2012-1527
Type cve
Reporter cve@mitre.org
Modified 2019-02-26T14:04:00

Description

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-072

"A remote code execution vulnerability exists in the Briefcase feature in Windows. An attacker could exploit the vulnerability by convincing a user to open a specially crafted briefcase.....The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message."