Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-56424
HistoryNov 13, 2012 - 12:00 a.m.

Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability

2012-11-1300:00:00
Symantec Security Response
www.symantec.com
13

0.967 High

EPSS

Percentile

99.7%

JSON

Description

Microsoft Windows Briefcase is prone to a a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition.

Technologies Affected

  • Avaya CallPilot 4.0
  • Avaya CallPilot 4.0.1
  • Avaya CallPilot 5.0
  • Avaya CallPilot 5.0.1
  • Avaya Communication Server 1000 Telephony Manager 3.0
  • Avaya Communication Server 1000 Telephony Manager 3.0.1
  • Avaya Communication Server 1000 Telephony Manager 4.0
  • Avaya Communication Server 1000 Telephony Manager 4.0.1
  • Avaya Conferencing Standard Edition 6.0
  • Avaya Conferencing Standard Edition 6.0 SP1
  • Avaya Conferencing Standard Edition 6.0.1
  • Avaya Meeting Exchange - Client Registration Server 5.0
  • Avaya Meeting Exchange - Client Registration Server 5.0.1
  • Avaya Meeting Exchange - Client Registration Server 5.2
  • Avaya Meeting Exchange - Client Registration Server 5.2.1
  • Avaya Meeting Exchange - Recording Server 5.0
  • Avaya Meeting Exchange - Recording Server 5.0.1
  • Avaya Meeting Exchange - Recording Server 5.2
  • Avaya Meeting Exchange - Recording Server 5.2.1
  • Avaya Meeting Exchange - Streaming Server 5.0
  • Avaya Meeting Exchange - Streaming Server 5.0
  • Avaya Meeting Exchange - Streaming Server 5.0.1
  • Avaya Meeting Exchange - Streaming Server 5.2
  • Avaya Meeting Exchange - Streaming Server 5.2.1
  • Avaya Meeting Exchange - Web Conferencing Server 5.0
  • Avaya Meeting Exchange - Web Conferencing Server 5.0.1
  • Avaya Meeting Exchange - Web Conferencing Server 5.2
  • Avaya Meeting Exchange - Web Conferencing Server 5.2.1
  • Avaya Meeting Exchange - Webportal 5.0
  • Avaya Meeting Exchange - Webportal 5.0.1
  • Avaya Meeting Exchange - Webportal 5.2
  • Avaya Meeting Exchange - Webportal 5.2.1
  • Avaya Messaging Application Server 5.0
  • Avaya Messaging Application Server 5.0.1
  • Avaya Messaging Application Server 5.2
  • Avaya Messaging Application Server 5.2.1
  • Microsoft Windows 7 for 32-bit Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8 for 32-bit Systems
  • Microsoft Windows 8 for 64-bit Systems
  • Microsoft Windows Server 2003 Itanium SP2
  • Microsoft Windows Server 2003 SP2
  • Microsoft Windows Server 2003 x64 SP2
  • Microsoft Windows Server 2008 R2 for x64-based Systems
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Vista Service Pack 2
  • Microsoft Windows Vista x64 Edition SP2
  • Microsoft Windows XP Professional x64 Edition SP2
  • Microsoft Windows XP Service Pack 3

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Never follow links provided by unknown or untrusted sources.

Set web browser security to disable the execution of JavaScript.
Since the exploitation of some of this issue allows the execution of malicious script code in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect websites that rely on the execution of browser-based script code.

Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references for more information.

Related

cvelist 1
nvd 1
cve 1
prion 1
openvas 2
nessus 1
checkpoint_advisories 1
securityvulns 1
cvelist
cvelist
CVE-2012-1527
2012-11-14 00:00:00
nvd
nvd
CVE-2012-1527
2012-11-14 00:55:01
cve
cve
CVE-2012-1527
2012-11-14 00:55:01
prion
prion
Integer overflow
2012-11-14 00:55:00
openvas
openvas
Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
2012-11-14 00:00:00
Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
2012-11-14 00:00:00
nessus
nessus
MS12-072: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
2012-11-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Briefcase Integer Underflow (MS12-072; CVE-2012-1527; CVE-2012-1528)
2012-11-13 00:00:00
securityvulns
securityvulns
Microsoft Windows security vulnerabilities
2012-11-18 00:00:00

0.967 High

EPSS

Percentile

99.7%

JSON
Related for SMNTC-56424
cvelist1nvd1cve1prion1openvas2nessus1checkpoint_advisories1securityvulns1