ID CVE-2012-0013
Summary Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Windows Server 2008 Service Pack 2 for 32-bit systems
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x32
  • Microsoft Windows Server 2008 Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64
  • Microsoft Windows Server 2008 Service Pack 2 for Itanium-Based Systems
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium
  • Windows Server 2008 R2 for Itanium-based Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:itanium
  • Windows Server 2008 R2 for 32-bit Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64
  • Microsoft Windows Server 2008 r2 Service Pack 1 Itanium
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium
  • Microsoft Windows Server 2008 R2 Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
    cpe:2.3:o:microsoft:windows_xp:-:sp2:professional_x64
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
CVSS
Base: 9.3 (as of 11-01-2012 - 12:53)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability. CVE-2012-0013. Local exploit for windows platform
    id EDB-ID:19037
    last seen 2016-02-02
    modified 2012-06-11
    published 2012-06-11
    reporter metasploit
    source https://www.exploit-db.com/download/19037/
    title Microsoft Office - ClickOnce Unsafe Object Package Handling Vulnerability MS12-005
  • description Microsoft Windows Assembly Execution Vulnerability (MS12-005). CVE-2012-0013. Local exploit for windows platform
    id EDB-ID:18372
    last seen 2016-02-02
    modified 2012-01-14
    published 2012-01-14
    reporter Byoungyoung Lee
    source https://www.exploit-db.com/download/18372/
    title Microsoft Windows Assembly Execution Vulnerability MS12-005
metasploit via4
description This module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This can allow attackers to trick victims into opening the malicious document, which will load up either a python or ruby payload, and finally, download and execute an executable.
id MSF:EXPLOIT/WINDOWS/FILEFORMAT/MS12_005
last seen 2019-02-07
modified 2017-07-24
published 2012-06-10
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/ms12_005.rb
title MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
msbulletin via4
bulletin_id MS12-005
bulletin_url
date 2012-01-10T00:00:00
impact Remote Code Execution
knowledgebase_id 2584146
knowledgebase_url
severity Important
title Vulnerability in Microsoft Windows Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS12-005.NASL
description The remote Windows host does not include ClickOnce application file types in the Windows Packager unsafe file type list. An attacker could leverage this issue to execute arbitrary code in the context of the current user on the affected host if he can trick the user into opening a Microsoft Office file with a malicious ClickOnce application embedded in it.
last seen 2019-02-21
modified 2018-11-15
plugin id 57473
published 2012-01-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=57473
title MS12-005: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
oval via4
accepted 2012-03-05T04:00:07.990-05:00
class vulnerability
contributors
  • name Josh Turpin
    organization Symantec Corporation
  • name Josh Turpin
    organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
  • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5653
  • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6216
  • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6150
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12292
  • comment Microsoft Windows 7 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12627
  • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12567
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12583
description Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
family windows
id oval:org.mitre.oval:def:14197
status accepted
submitted 2012-01-10T13:00:00
title Assembly Execution Vulnerability
version 70
packetstorm via4
data source https://packetstormsecurity.com/files/download/113483/ms12_005.rb.txt
id PACKETSTORM:113483
last seen 2016-12-05
published 2012-06-11
reporter Yorick Koster
source https://packetstormsecurity.com/files/113483/MS12-005-Microsoft-Office-ClickOnce-Unsafe-Object-Package-Handling-Vulnerability.html
title MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
refmap via4
bid 51284
cert TA12-010A
ms MS12-005
sectrack 1026497
secunia 47480
saint via4
bid 51284
description Microsoft Office ClickOnce Unsafe Execution
id win_patch_ms12005
osvdb 78207
title microsoft_office_clickonce_unsafe_exec
type client
Last major update 06-03-2013 - 23:50
Published 10-01-2012 - 16:55
Last modified 26-02-2019 - 09:04
Back to Top