Skip Ribbon Commands
Skip to main content
Mauritian National Computer Security Incident Response Team (CERT-MU)

CERT-MU AD-2012-27

Microsoft Windows Multiple Vulnerabilities
Original issue date: August 16, 2012
Severity Rating: High
Overview
Multiple vulnerabilities have been identified in Microsoft Windows and they can be exploited by remote attackers to cause execution of arbitrary code on affected systems and cause a denial of service condition. Microsoft has issued an update that addresses these vulnerabilities.
Description
Multiple vulnerabilities have been identified in Microsoft Windows and they can be exploited by remote attackers to cause execution of arbitrary code on the affected systems and cause a denial of service condition. The vulnerabilities reported are as follows:
1.     A vulnerability has been identified in Microsoft Visio. This vulnerability can allow a remote attacker to create a specially crafted Visio file that when loaded by the user will activate a buffer overflow and cause execution of arbitrary code on the targeted system. The code will run with the privileges of the user.
2.     A vulnerability has been reported in Microsoft Office and it can be exploited by remote attackers to cause execution of arbitrary code. This vulnerability can allow a remote attacker to create a specially crafted Computer Graphics Metafile (CGM) graphics file that when loaded by the user will trigger a memory corruption error and execute arbitrary code.
3.     A vulnerability has been identified in Microsoft JScript and VBScript and it can be exploited by remote attackers to cause execution of arbitrary code. This vulnerability can allow a remote attacker to create a specially crafted HTML that when it is loaded by the user will trigger an integer overflow and execute arbitrary code on the affected system. The code will run with the privileges of the user.
4.     A vulnerability is caused in Windows Kernel-Mode Drivers. This vulnerability can allow remote attackers to initiate a use-after-free memory error located in ‘Win32k.sys’and this can be exploited by remote attackers to obtain elevated privileges on the affected system. Successful exploitation of this vulnerability can allow remote attackers to cause execution of arbitrary commands on the affected system with kernel level privileges.
5.     Several vulnerabilities have been reported in Microsoft Internet Explorer. This vulnerability can allow a remote attacker to create specially crafted HTML that when loaded by the target user, will initiate a memory corruption error or integer overflow and execute arbitrary code on the user’s system. The code will run with the privileges of the user.
6.     A vulnerability was reported in Microsoft Visual Basic. This vulnerability can allow a remote attacker to create a specially crafted HTML that, when loaded by the user, will invoke the Windows Common Controls ActiveX controls (MSCOMCTL.OCX) and initiate a flaw in the TabStrip control and execute arbitrary code on the user’s system. The code will run with the privileges of the target user.
7.     A vulnerability has been identified in Microsoft Visual FoxPro. This can allow a remote attacker to create a specially crafted HTML that when loaded by the user, will invoke the Windows Common Controls ActiveX controls (MSCOMCTL.OCX) and initiate a flaw in the TabStrip control. Successful exploitation of this vulnerability can allow execution of arbitrary code on the user’s system. The code will run with the privileges of the target user.
Microsoft has issued an update to address these vulnerabilities.
Affected Systems
  • Microsoft Windows 2010 SP1, Visio Viewer 2010 SP1
  • Microsoft Windows 2007 SP2, 2007 SP3, 2010 SP1
  • Microsoft Windows 2007 SP2, 2007 SP3, 2010 SP1
  • Microsoft Windows XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
  • Microsoft Internet Explorer versions 6, 7, 8, 9
  • Microsoft Visual Basic 6.0 Runtime
  • Microsoft Visual FoxPro 8.0 SP1, 9.0 SP2; and prior service packs
Solution
Users are advised to apply updates.
More information about the update is available on:
CVE Information
References
Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
E-mail:
 

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis