Vulnerabilities > CVE-2012-0001 - Unspecified vulnerability in Microsoft products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus
NVD
Published: 2012-01-10
Updated: 2023-12-07

Summary

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."

Vulnerable Configurations

Part Description Count
OS
Microsoft
11

Msbulletin

bulletin_idMS12-001
bulletin_url
date2012-01-10T00:00:00
impactSecurity Feature Bypass
knowledgebase_id2644615
knowledgebase_url
severityImportant
titleVulnerability in Windows Kernel Could Allow Security Feature Bypass

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS12-001.NASL
descriptionThe remote Windows host has a bypass vulnerability in the SafeSEH security feature. This could allow an attacker to use other vulnerabilities to bypass the SafeSEH security feature and run arbitrary code on the remote host. Only software applications compiled using Microsoft Visual C++ .NET 2003 could be used to exploit this vulnerability.
last seen2020-06-01
modified2020-06-02
plugin id57469
published2012-01-10
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/57469
titleMS12-001: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57469);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2012-0001");
  script_bugtraq_id(51296);
  script_xref(name:"MSFT", value:"MS12-001");
  script_xref(name:"IAVA", value:"2012-A-0003");
  script_xref(name:"MSKB", value:"2644615");


  script_name(english:"MS12-001: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)");
  script_summary(english:"Checks the version of Ntdll.dll");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host has a flaw in a security feature that is
utilized by certain software applications."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Windows host has a bypass vulnerability in the SafeSEH
security feature.  This could allow an attacker to use other
vulnerabilities to bypass the SafeSEH security feature and run
arbitrary code on the remote host.  Only software applications
compiled using Microsoft Visual C++ .NET 2003 could be used to exploit
this vulnerability."
  );
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-001");
  script_set_attribute(
    attribute:"solution",
    value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, and 2008 R2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}


include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS12-001';
kb = '2644615';
kbs = make_list(kb);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 7 and Windows Server 2008 R2
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Ntdll.dll", version:"6.1.7601.21861", min_version:"6.1.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Ntdll.dll", version:"6.1.7601.17725", min_version:"6.1.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Ntdll.dll", version:"6.1.7600.21092", min_version:"6.1.7600.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Ntdll.dll", version:"6.1.7600.16915", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista SP2 / Windows 2008 SP2
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntdll.dll", version:"6.0.6002.22742", min_version:"6.0.6002.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntdll.dll", version:"6.0.6002.18541", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 SP2 / XP x64
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Ntdll.dll", version:"5.2.3790.4937",  dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

accepted2012-02-20T04:00:06.732-05:00
classvulnerability
contributors
nameJosh Turpin
organizationSymantec Corporation
definition_extensions
  • commentMicrosoft Windows XP x64 Edition SP2 is installed
    ovaloval:org.mitre.oval:def:4193
  • commentMicrosoft Windows Server 2003 SP2 (x86) is installed
    ovaloval:org.mitre.oval:def:1935
  • commentMicrosoft Windows Server 2003 SP2 (x64) is installed
    ovaloval:org.mitre.oval:def:2161
  • commentMicrosoft Windows Server 2003 (ia64) SP2 is installed
    ovaloval:org.mitre.oval:def:1442
  • commentMicrosoft Windows Vista (32-bit) Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6124
  • commentMicrosoft Windows Vista x64 Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:5594
  • commentMicrosoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:5653
  • commentMicrosoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6216
  • commentMicrosoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    ovaloval:org.mitre.oval:def:6150
  • commentMicrosoft Windows 7 (32-bit) is installed
    ovaloval:org.mitre.oval:def:6165
  • commentMicrosoft Windows 7 x64 Edition is installed
    ovaloval:org.mitre.oval:def:5950
  • commentMicrosoft Windows Server 2008 R2 x64 Edition is installed
    ovaloval:org.mitre.oval:def:6438
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition is installed
    ovaloval:org.mitre.oval:def:5954
  • commentMicrosoft Windows 7 (32-bit) Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:12292
  • commentMicrosoft Windows 7 x64 Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:12627
  • commentMicrosoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:12567
  • commentMicrosoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
    ovaloval:org.mitre.oval:def:12583
descriptionThe kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
familywindows
idoval:org.mitre.oval:def:14758
statusaccepted
submitted2012-01-10T13:00:00
titleWindows Kernel SafeSEH Bypass Vulnerability
version72

References