Vulnerabilities > CVE-2012-0013 - Unspecified vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

nessus

exploit available

metasploit

NVD

Published: 2012-01-10

Updated: 2023-12-07

Summary

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows Server 2008 * Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 - Microsoft Windows 7 - Microsoft Windows XP * Microsoft Windows Server 2003 * Microsoft Windows Vista *	12

Exploit-Db

description	Microsoft Windows Assembly Execution Vulnerability (MS12-005). CVE-2012-0013. Local exploit for windows platform
id	EDB-ID:18372
last seen	2016-02-02
modified	2012-01-14
published	2012-01-14
reporter	Byoungyoung Lee
source	https://www.exploit-db.com/download/18372/
title	Microsoft Windows Assembly Execution Vulnerability MS12-005

description	MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability. CVE-2012-0013. Local exploit for windows platform
id	EDB-ID:19037
last seen	2016-02-02
modified	2012-06-11
published	2012-06-11
reporter	metasploit
source	https://www.exploit-db.com/download/19037/
title	Microsoft Office - ClickOnce Unsafe Object Package Handling Vulnerability MS12-005

Metasploit

description	This module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This can allow attackers to trick victims into opening the malicious document, which will load up either a python or ruby payload, and finally, download and execute an executable.
id	MSF:EXPLOIT/WINDOWS/FILEFORMAT/MS12_005
last seen	2020-06-07
modified	2017-07-24
published	2012-06-10
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0013 http://support.microsoft.com/default.aspx?scid=kb;EN-US;2584146 http://exploitshop.wordpress.com/2012/01/14/ms12-005-embedded-object-package-allow-arbitrary-code-execution/
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/ms12_005.rb
title	MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability

Msbulletin

bulletin_id	MS12-005
bulletin_url
date	2012-01-10T00:00:00
impact	Remote Code Execution
knowledgebase_id	2584146
knowledgebase_url
severity	Important
title	Vulnerability in Microsoft Windows Could Allow Remote Code Execution

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS12-005.NASL
description	The remote Windows host does not include ClickOnce application file types in the Windows Packager unsafe file type list. An attacker could leverage this issue to execute arbitrary code in the context of the current user on the affected host if he can trick the user into opening a Microsoft Office file with a malicious ClickOnce application embedded in it.
last seen	2020-06-01
modified	2020-06-02
plugin id	57473
published	2012-01-10
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57473
title	MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(57473); script_version("1.22"); script_cvs_date("Date: 2018/11/15 20:50:31"); script_cve_id("CVE-2012-0013"); script_bugtraq_id(51284); script_xref(name:"MSFT", value:"MS12-005"); script_xref(name:"MSKB", value:"2584146"); script_name(english:"MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)"); script_summary(english:"Checks version of Packager.dll / Packager.exe"); script_set_attribute( attribute:"synopsis", value: "Opening a specially crafted Microsoft Office file could result in arbitrary code execution." ); script_set_attribute( attribute:"description", value: "The remote Windows host does not include ClickOnce application file types in the Windows Packager unsafe file type list. An attacker could leverage this issue to execute arbitrary code in the context of the current user on the affected host if he can trick the user into opening a Microsoft Office file with a malicious ClickOnce application embedded in it." ); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-005"); script_set_attribute( attribute:"solution", value: "Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS12-005'; kb = "2584146"; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( # Windows 7 / 2008 R2 hotfix_is_vulnerable(os:"6.1", sp:1, file:"Packager.dll", version:"6.1.7601.21863", min_version:"6.1.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:1, file:"Packager.dll", version:"6.1.7601.17727", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:0, file:"Packager.dll", version:"6.1.7600.21094", min_version:"6.1.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.1", sp:0, file:"Packager.dll", version:"6.1.7600.16917", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # Windows Vista / 2008 hotfix_is_vulnerable(os:"6.0", sp:2, file:"Packager.dll", version:"6.0.6002.22743", min_version:"6.0.6002.22000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"6.0", sp:2, file:"Packager.dll", version:"6.0.6002.18542", min_version:"6.0.6000.16000", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # Windows 2003 / XP 64-bit hotfix_is_vulnerable(os:"5.2", sp:2, file:"Packager.exe", version:"5.2.3790.4936", dir:"\system32", bulletin:bulletin, kb:kb) \|\| # Windows XP 32-bit hotfix_is_vulnerable(os:"5.1", sp:3, file:"Packager.exe", version:"5.1.2600.6176", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2012-03-05T04:00:07.990-05:00

class

vulnerability

contributors

name Josh Turpin
organization Symantec Corporation
name Josh Turpin
organization Symantec Corporation

definition_extensions

comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
comment Microsoft Windows XP x64 Edition SP2 is installed
oval oval:org.mitre.oval:def:4193
comment Microsoft Windows Server 2003 SP2 (x64) is installed
oval oval:org.mitre.oval:def:2161
comment Microsoft Windows Server 2003 SP2 (x86) is installed
oval oval:org.mitre.oval:def:1935
comment Microsoft Windows Server 2003 (ia64) SP2 is installed
oval oval:org.mitre.oval:def:1442
comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
oval oval:org.mitre.oval:def:6124
comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:5594
comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
oval oval:org.mitre.oval:def:5653
comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:6216
comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
oval oval:org.mitre.oval:def:6150
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows Server 2008 R2 x64 Edition is installed
oval oval:org.mitre.oval:def:6438
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
oval oval:org.mitre.oval:def:5954
comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
oval oval:org.mitre.oval:def:12292
comment Microsoft Windows 7 x64 Service Pack 1 is installed
oval oval:org.mitre.oval:def:12627
comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
oval oval:org.mitre.oval:def:12567
comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
oval oval:org.mitre.oval:def:12583

description

family

windows

oval:org.mitre.oval:def:14197

status

accepted

submitted

2012-01-10T13:00:00

title

Assembly Execution Vulnerability

version

Packetstorm

data source	https://packetstormsecurity.com/files/download/113483/ms12_005.rb.txt
id	PACKETSTORM:113483
last seen	2016-12-05
published	2012-06-11
reporter	Yorick Koster
source	https://packetstormsecurity.com/files/113483/MS12-005-Microsoft-Office-ClickOnce-Unsafe-Object-Package-Handling-Vulnerability.html
title	MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability

Saint

bid	51284
description	Microsoft Office ClickOnce Unsafe Execution
id	win_patch_ms12005
osvdb	78207
title	microsoft_office_clickonce_unsafe_exec
type	client

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:73010
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-73010
title	MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability

bulletinFamily	exploit
description	No description provided by source.
id	SSV:72496
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-72496
title	Microsoft Windows Assembly Execution Vulnerability MS12-005

bulletinFamily	exploit
description	No description provided by source.
id	SSV:60200
last seen	2017-11-19
modified	2012-06-11
published	2012-06-11
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-60200
title	Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability(MS12-005)

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Msbulletin

Nessus

Oval

Packetstorm

Saint

Seebug

References