This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The Microsoft Expression Design install on the remote Windows host
could allow arbitrary code execution.
The version of Microsoft Expression Design installed on the remote
host is reportedly affected by an insecure library loading
A remote attacker could exploit this flaw by tricking a user into
opening a legitimate .xpr or .DESIGN file located in the same
directory as a maliciously crafted dynamic link library (DLL) file,
resulting in arbitrary code execution.
See also :
Microsoft has released a patch for Expression Design.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 58334 ()
Bugtraq ID: 52375
CVE ID: CVE-2012-0016
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.