Insecure Executable Launching Vulnerability Found in Microsoft Windows Object Packager
( Microsoft Security Bulletin MS12-002, CVE-2012-0009 )
Summary
A remote code execution vulnerability has been discovered in the Windows Object Packager. An attacker could exploit this issue and cause the execution of arbitrary code on a targeted system. The Check Point IPS Software Blade provides protection against this problem at the network level.
Details
Windows Object Packager can be used to create a package (e.g. a sound file, an animation file, application file, etc.) that can be inserted into a file.
The vulnerability is due to the improper registration and implementation of the Object Packager. If a user opens a legitimate file that has an embedded object that is located in the same network directory as a maliciously crafted executable file, an attacker could gain access to the targeted system in the security context of the logged in user. She could then install programs, view, change or delete data, and create new accounts with full user rights.
Affected Products
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
Solution
Check Point recommends that the patch described in Microsoft Security Bulletin MS12-002 be deployed when practical. In the meantime, the Check Point IPS Software Blade protects systems on your network by detecting and blocking attempts to open files that have embedded packaged objects. For more information, see CPAI-2012-016.
Originally Published:
Last Updated: 11-Jan-2012