Microsoft DirectPlay Office File Handling Invalid Memory Free (MS12-082; CVE-2012-1537)
| Check Point Reference: | CPAI-2013-016 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS12-082 | |
| Industry Reference(s): | CVE-2012-1537 |
|
| Protection Provided by: |
Security Gateway
|
|
|
Who is Vulnerable? Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2012 |
||
| Vulnerability Description An invalid memory free vulnerability exists in Microsoft DirectPlay. Successful exploitation could possibly result in arbitrary code execution in the context of the currently logged-in user. |
||
|
Update/Patch Available Apply patches from: MS12-082 |
|
|
Vulnerability Details The vulnerability is due to a logic error in initializing the DirectPlay ActiveX controls embedded in office documents. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted Office document file with an embedded DirectPlay ActiveX control. |
Protection Overview
This protection will detect and block the vulnerable ActiveX Control.
To configure the defense, select your product from the list below and follow the related protection steps.