ID CVE-2012-0016
Summary Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-022 'This is a remote code execution vulnerability.' Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:expression_design:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:expression_design:-:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:expression_design:2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:expression_design:3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:expression_design:4:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 22:02)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity COMPLETE
Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS12-022
bulletin_url
date 2012-03-13T00:00:00
impact Remote Code Execution
knowledgebase_id 2651018
knowledgebase_url
severity Important
title Vulnerability in Expression Design Could Allow Remote Code Execution
oval via4
accepted 2012-04-23T04:00:11.397-04:00
class vulnerability
contributors
name Josh Turpin
organization Symantec Corporation
definition_extensions
  • comment Microsoft Expression Design 1 RTM is installed
    oval oval:org.mitre.oval:def:14893
  • comment Microsoft Expression Design 1 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:14913
  • comment Microsoft Expression Design 2 is installed
    oval oval:org.mitre.oval:def:15010
  • comment Microsoft Expression Design 3 is installed
    oval oval:org.mitre.oval:def:15115
  • comment Microsoft Expression Design 4 is installed
    oval oval:org.mitre.oval:def:14877
description Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:14973
status accepted
submitted 2012-03-13T13:00:00
title Expression Design Insecure Library Loading Vulnerability
version 5
refmap via4
cert TA12-073A
saint via4
bid 52375
description Microsoft Expression Design wintab32.dll Library Loading
id win_patch_exprdesign12022
osvdb 80001
title ms_expression_design_dll_loading
type client
Last major update 12-10-2018 - 22:02
Published 13-03-2012 - 21:55
Last modified 12-10-2018 - 22:02