MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by multiple vulnerabilities.

Description :

The remote Windows host is missing a security update. It is,
therefore, affected by multiple vulnerabilities :

- A flaw exists in the Win32k TrueType font parsing engine
that allows an unauthenticated, remote attacker to
execute arbitrary code by convincing a user to open a
Word document containing malicious font data.
(CVE-2011-3402)

- A flaw exists in the t2embed.dll module when parsing
TrueType fonts. An unauthenticated, remote attacker can
exploit this, via a crafted TTF file, to execute
arbitrary code. (CVE-2012-0159)

- A flaw exists in the .NET Framework due to a buffer
allocation error when handling an XBAP or .NET
application. An unauthenticated, remote attacker can
exploit this, via a specially crafted application, to
execute arbitrary code. (CVE-2012-0162)

- A flaw exists in the .NET Framework due to an error
when comparing the value of an index in a WPF
application. An unauthenticated, remote attacker can
exploit this to cause a denial of service condition.
(CVE-2012-0164)

- A flaw exists in GDI+ when handling specially crafted
EMF images that allows an unauthenticated, remote
attacker to execute arbitrary code. (CVE-2012-0165)

- A heap buffer overflow condition exists in Microsoft
Office in the GDI+ library when handling EMF images
embedded in an Office document. An unauthenticated,
remote attacker can exploit this to execute arbitrary
code by convincing a user to open a specially crafted
document. (CVE-2012-0167)

- A double-free error exists in agcore.dll when rendering
XAML strings containing Hebrew Unicode glyphs of certain
values. An unauthenticated, remote attacker can exploit
this to execute arbitrary code by convincing a user to
visit a specially crafted web page. (CVE-2012-0176)

- A privilege escalation vulnerability exists in the
way the Windows kernel-mode driver manages the functions
related to Windows and Messages handling. A local
attacker can exploit this, via a specially crafted
application, to gain elevated privileges.
(CVE-2012-0180)

- A privilege escalation vulnerability exists in the way
the Windows kernel-mode driver manages Keyboard Layout
files. A local attacker can exploit this, via a
specially crafted application, to gain elevated
privileges. (CVE-2012-0181)

- A privilege escalation vulnerability exists in the way
the Windows kernel-mode driver manages scrollbar
calculations. A local attacker can exploit this, via a
specially crafted application, to gain elevated
privileges. (CVE-2012-1848)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-12-131/
http://seclists.org/fulldisclosure/2012/Aug/60
https://technet.microsoft.com/library/security/ms12-034

Solution :

Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, 2008 R2; Office 2003, 2007, and 2010; .NET Framework 3.0,
3.5.1, and 4.0; and Silverlight 4 and 5.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true
