Computer Security
[EN] securityvulns.ru
no-pyccku



Microsoft Expression Design unsafe DLL loading
Published:14.03.2012
Source:MICROSOFT
SecurityVulns ID:12248
Type:client
Level:5/10
Description:Unsafe DLL loading on .xpr and .design files processing.
Affected:MICROSOFT : Microsoft Expression Design 2
 MICROSOFT : Microsoft Expression Design 3
 MICROSOFT : Microsoft Expression Design 4
CVE:CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability.")
Files:Microsoft Security Bulletin MS12-022 - Important Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
Discuss:Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru