Microsoft Office - ClickOnce Unsafe Object Package Handling (MS12-005) (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex/zip' class Metasploit3...

MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability

This module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This can allow attackers to trick victims into...

Office arbitrary ClickOnce application execution vulnerability

------------------------------------------------------------------------ Office arbitrary ClickOnce application execution vulnerability ------------------------------------------------------------------------ Yorick Koster, June 2010...

Microsoft Office ClickOnce Unsafe Execution

Added: 01/16/2012 CVE: CVE-2012-0013 BID: 51284 OSVDB: 78207 Background ClickOnce is a deployment technology that allows developers to create self-updating Windows-based applications that can be installed and run with minimal user interaction. A ClickOnce application is any Windows Presentation...

Microsoft Office ClickOnce Unsafe Execution

Added: 01/16/2012 CVE: CVE-2012-0013 BID: 51284 OSVDB: 78207 Background ClickOnce is a deployment technology that allows developers to create self-updating Windows-based applications that can be installed and run with minimal user interaction. A ClickOnce application is any Windows Presentation...

Microsoft Office ClickOnce Unsafe Execution

Added: 01/16/2012 CVE: CVE-2012-0013 BID: 51284 OSVDB: 78207 Background ClickOnce is a deployment technology that allows developers to create self-updating Windows-based applications that can be installed and run with minimal user interaction. A ClickOnce application is any Windows Presentation...

Microsoft Office ClickOnce Unsafe Execution

Added: 01/16/2012 CVE: CVE-2012-0013 BID: 51284 OSVDB: 78207 Background ClickOnce is a deployment technology that allows developers to create self-updating Windows-based applications that can be installed and run with minimal user interaction. A ClickOnce application is any Windows Presentation...

Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)

This host is missing an important security update according to Microsoft Bulletin MS12-005. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)

This host is missing an important security update according to Microsoft Bulletin MS12-005. OpenVAS Vulnerability Test $Id: secpodms12-005.nasl 5341 2017-02-18 16:59:12Z cfi $ Windows ClickOnce Application Installer Remote Code Execution Vulnerability 2584146 Authors: Rachana Shetty Copyright:...

CVE-2012-0013

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce...

Immunity Canvas: MS12_005

Name| ms12005 ---|--- CVE| CVE-2012-0013 Exploit Pack| CANVAS Description| MS12-005: MS Office 2007-2010 Shell Object Packager file extension bypass Notes| Repeatability: Infinite Notes: The issue we exploit here was fixed silently alongside the ClickOnce issues in the MS12-005 patch but allows f...

Design/Logic Flaw

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce...

CVE-2012-0013

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce...

CVE-2012-0013

CVE-2012-0013 is a remote-code-execution vulnerability in the Windows PackagerClickOnce handling: ClickOnce file types are not included in the Windows Packager unsafe file type list, allowing an attacker to execute arbitrary code via a crafted Office document. Affected OSes include Windows XP SP2...

PT-2012-2239 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A remote code execution issue exists due to an incomplete blacklist vulnerability in the Windows Packager configuration. This allows remote attackers to execute arbitrary code...

MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)

The remote Windows host does not include ClickOnce application file types in the Windows Packager unsafe file type list. An attacker could leverage this issue to execute arbitrary code in the context of the current user on the affected host if he can trick the user into opening a Microsoft Office...

Microsoft ClickOnce technology insufficient security

Installation of unsigned elements is allowed...

Microsoft ClickOnce MITM Vulnerabilities

============================================================================== ======|ЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇЇ|====== ======| ClickOnce Man-In-The-Middle [email protected] |====== ======||======...