MS07-012: Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
High Nessus Plugin ID 24336
SynopsisArbitrary code can be executed on the remote host through the MFC component provided with Microsoft Windows.
DescriptionThe remote host contains a version of Microsoft Windows that has a vulnerability in the MFC component that could be abused by an attacker to execute arbitrary code on the remote host.
To exploit this vulnerability, an attacker would need to spend a specially crafted RTF file to a user on the remote host and lure him into opening it.
SolutionMicrosoft has released a set of patches for Windows 2000, XP and 2003.