SAINT CorporationSAINT:69DBDC662C7B6BCD144508DA8330A00FWindows Object Packager Insecure Execution
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.8%
Added: 01/24/2012
CVE: CVE-2012-0009
BID: 51297
OSVDB: 78212
Background
Windows Object Packager is a tool that can be used to create a package that can be inserted into a file.
Problem
A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on network shares, WebDAV locations, and UNCs. An attacker may exploit this by uploading both a seemingly innocent document that references a malicious object and the malicious object to a file share and tricking a user into opening the document.
Resolution
Apply the patch provided by Microsoft Security Bulletin MS12-002.
References
<http://technet.microsoft.com/en-us/security/bulletin/ms12-002>
Limitations
This exploit has been tested against Microsoft Office Publisher 2007 SP3 on Windows XP SP3 English (DEP OptIn)
An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified. The program **smbclient** must be available on the SAINT host.
Exploit requires creation of a custom e-mail message specifying an exploit download path ‘\\smb_server\smb_share\article.pub’.
Platforms
Windows
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.8%