
Check Point Provides Network Protection against Microsoft Windows Packager Vulnerability


Microsoft Security Bulletin MS12-005 (CVE-2012-0013)

Summary

A remote code execution vulnerability has been reported in how the Windows Object Packager loads "ClickOnce" applications that are embedded in Microsoft Office files. Successful exploitation could allow an attacker to run arbitrary code on the targeted system in the security context of the current user. The Check Point IPS Software Blade provides protection at the network level against this issue.

Details

ClickOnce is a Microsoft deployment technology that allows the creation of self-updating Windows applications that can be run with minimal user interaction. Windows Object Packager can be used to create a package (e.g. a sound file, an animation file, an application file, etc.) that can be inserted into a file.

The vulnerability is due to the ClickOnce application file types not being in the Windows Packager unsafe files list; this allows ClickOnce applications to be embedded into Office documents. An attacker could embed a maliciously crafted ClickOnce application installer into an Office document, allowing the execution of arbitrary code without user interaction when that document is opened.
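As an added example (not Check Point's or Microsoft's code), the following heuristic triage scan flags Office files whose embedded objects carry a ClickOnce file name. It assumes the ClickOnce extensions `.application` and `.appref-ms`, which this advisory does not list, and that the embedded name appears as a NUL-terminated ASCII string; the sample document is constructed.

```python
import io
import re
import zipfile

# ClickOnce file extensions (not listed in the advisory; assumed here).
_EXT_RE = re.compile(rb"\.(?:application|appref-ms)\x00", re.IGNORECASE)
MAX_PART = 32 * 1024 * 1024  # skip oversized parts instead of inflating them

def clickonce_names(blob: bytes) -> set:
    """Recover NUL-terminated printable names ending in a ClickOnce extension."""
    names = set()
    for m in _EXT_RE.finditer(blob):
        start = m.start()
        # Walk back over printable ASCII (at most 260 bytes) to the name start.
        while start > 0 and 0x20 <= blob[start - 1] <= 0x7E and m.start() - start < 260:
            start -= 1
        names.add(blob[start:m.end() - 1].decode("ascii"))
    return names

def scan_office_file(data: bytes) -> dict:
    """Map each scanned part to the ClickOnce file names found inside it."""
    if zipfile.is_zipfile(io.BytesIO(data)):  # OOXML: check embedded objects
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = [(i.filename, z.read(i)) for i in z.infolist()
                     if "/embeddings/" in i.filename and i.file_size <= MAX_PART]
    else:  # legacy binary format: scan the whole file
        parts = [("<file>", data)]
    hits = {}
    for name, blob in parts:
        found = clickonce_names(blob)
        if found:
            hits[name] = sorted(found)
    return hits

def build_sample() -> bytes:
    """Constructed test document: one flagged embedding, one harmless one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/embeddings/oleObject1.bin",
                   b"\x02\x00setup.application\x00C:\\tmp\\setup.application\x00")
        z.writestr("word/embeddings/oleObject2.bin", b"\x02\x00report.xlsx\x00")
    return buf.getvalue()

if __name__ == "__main__":
    for part, names in scan_office_file(build_sample()).items():
        print(part, names)
```

This is a string scan, not a full OLE parser, so a hit is a reason to quarantine and inspect the file rather than proof of exploitation, and a name split across storage sectors can be missed.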

Affected Products

The following products have this vulnerability:

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems 
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems 
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems 
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 

Solution

Check Point recommends that the patch described in Microsoft Security Bulletin MS12-005 be deployed when practical. The Check Point IPS Software Blade protects unpatched systems at the network level by detecting and blocking the transferal of maliciously crafted Office files. For more information see CPAI-2012-018.

 

Originally Published:

Last Updated: 11-Jan-2012
