|Check Point Reference:||CPAI-2012-051|
|Date Published:||14 Feb 2012|
|Protection Provided by:||
|Who is Vulnerable?|| Windows Server 2008 R2 for x64-based Systems |
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
|Vulnerability Description||A remote code execution vulnerability has been reported in Microsoft Color Control Panel.|
|Update/Patch Avaliable||Apply patches from: MS12-012|
|Vulnerability Details||The vulnerability is due to the way the application improperly restricts the path used when loading external libraries. A remote attacker could exploit this issue by convincing a user to open a legitimate file (such as an .icm or .icc file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Successful exploitation could allow an attacker to take complete control of an affected system.|
This protection will detect and block the transferring of malicious DLL files over a network share.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
- In the IPS tab, click Protections and find the Microsoft Color Control Panel Insecure Library Loading (MS12-012) protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
SmartView Tracker will log the following entries:
Attack Name: Windows SMB Protection Violation
Attack Information: Microsoft color control panel insecure library loading (MS12-012)