CVE-2012-0013 - Unspecified vulnerability in Microsoft products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 12 |
Exploit-Db
description | Microsoft Windows Assembly Execution Vulnerability (MS12-005). CVE-2012-0013. Local exploit for windows platform |
id | EDB-ID:18372 |
last seen | 2016-02-02 |
modified | 2012-01-14 |
published | 2012-01-14 |
reporter | Byoungyoung Lee |
source | https://www.exploit-db.com/download/18372/ |
title | Microsoft Windows Assembly Execution Vulnerability MS12-005 |

description | MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability. CVE-2012-0013. Local exploit for windows platform |
id | EDB-ID:19037 |
last seen | 2016-02-02 |
modified | 2012-06-11 |
published | 2012-06-11 |
reporter | metasploit |
source | https://www.exploit-db.com/download/19037/ |
title | Microsoft Office - ClickOnce Unsafe Object Package Handling Vulnerability MS12-005 |
Metasploit
description | This module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This can allow attackers to trick victims into opening the malicious document, which will load up either a python or ruby payload, and finally, download and execute an executable. |
id | MSF:EXPLOIT/WINDOWS/FILEFORMAT/MS12_005 |
last seen | 2020-06-07 |
modified | 2017-07-24 |
published | 2012-06-10 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/ms12_005.rb |
title | MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability |
Msbulletin
bulletin_id | MS12-005 |
bulletin_url | |
date | 2012-01-10T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 2584146 |
knowledgebase_url | |
severity | Important |
title | Vulnerability in Microsoft Windows Could Allow Remote Code Execution |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS12-005.NASL |
description | The remote Windows host does not include ClickOnce application file types in the Windows Packager unsafe file type list. An attacker could leverage this issue to execute arbitrary code in the context of the current user on the affected host if he can trick the user into opening a Microsoft Office file with a malicious ClickOnce application embedded in it. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 57473 |
published | 2012-01-10 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/57473 |
title | MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) |
Oval
accepted | 2012-03-05T04:00:07.990-05:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:14197 |
status | accepted |
submitted | 2012-01-10T13:00:00 |
title | Assembly Execution Vulnerability |
version | 73 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/113483/ms12_005.rb.txt |
id | PACKETSTORM:113483 |
last seen | 2016-12-05 |
published | 2012-06-11 |
reporter | Yorick Koster |
source | https://packetstormsecurity.com/files/113483/MS12-005-Microsoft-Office-ClickOnce-Unsafe-Object-Package-Handling-Vulnerability.html |
title | MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability |
Saint
bid | 51284 |
description | Microsoft Office ClickOnce Unsafe Execution |
id | win_patch_ms12005 |
osvdb | 78207 |
title | microsoft_office_clickonce_unsafe_exec |
type | client |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:73010 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-73010 |
title | MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:72496 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-72496 |
title | Microsoft Windows Assembly Execution Vulnerability MS12-005 |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:60200 |
last seen | 2017-11-19 |
modified | 2012-06-11 |
published | 2012-06-11 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-60200 |
title | Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability(MS12-005) |
References
- http://www.securityfocus.com/bid/51284
- http://www.securitytracker.com/id?1026497
- http://secunia.com/advisories/47480
- http://www.us-cert.gov/cas/techalerts/TA12-010A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14197
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-005