MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

High Nessus Plugin ID 59042

Synopsis

The remote Windows host is affected by multiple vulnerabilities.

Description

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in the Win32k TrueType font parsing engine that allows an unauthenticated, remote attacker to execute arbitrary code by convincing a user to open a Word document containing malicious font data.
(CVE-2011-3402)

- A flaw exists in the t2embed.dll module when parsing TrueType fonts. An unauthenticated, remote attacker can exploit this, via a crafted TTF file, to execute arbitrary code. (CVE-2012-0159)

- A flaw exists in the .NET Framework due to a buffer allocation error when handling an XBAP or .NET application. An unauthenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code. (CVE-2012-0162)

- A flaw exists in the .NET Framework due to an error when comparing the value of an index in a WPF application. An unauthenticated, remote attacker can exploit this to cause a denial of service condition.
(CVE-2012-0164)

- A flaw exists in GDI+ when handling specially crafted EMF images that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2012-0165)

- A heap buffer overflow condition exists in Microsoft Office in the GDI+ library when handling EMF images embedded in an Office document. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to open a specially crafted document. (CVE-2012-0167)

- A double-free error exists in agcore.dll when rendering XAML strings containing Hebrew Unicode glyphs of certain values. An unauthenticated, remote attacker can exploit this to execute arbitrary code by convincing a user to visit a specially crafted web page. (CVE-2012-0176)

- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages the functions related to Windows and Messages handling. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges.
(CVE-2012-0180)

- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages Keyboard Layout files. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-0181)

- A privilege escalation vulnerability exists in the way the Windows kernel-mode driver manages scrollbar calculations. A local attacker can exploit this, via a specially crafted application, to gain elevated privileges. (CVE-2012-1848)

Solution

Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2; Office 2003, 2007, and 2010; .NET Framework 3.0, 3.5.1, and 4.0; and Silverlight 4 and 5.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-12-131/

https://seclists.org/fulldisclosure/2012/Aug/60

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-034

Plugin Details

Severity: High

ID: 59042

File Name: smb_nt_ms12-034.nasl

Version: 1.49

Type: local

Agent: windows

Published: 2012/05/09

Updated: 2018/11/15

Dependencies: 13855, 27524, 42399, 57033

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:office, cpe:/a:microsoft:silverlight, cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/05/08

Vulnerability Publication Date: 2011/10/19

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-3402, CVE-2012-0159, CVE-2012-0162, CVE-2012-0164, CVE-2012-0165, CVE-2012-0167, CVE-2012-0176, CVE-2012-0180, CVE-2012-0181, CVE-2012-1848

BID: 50462, 53324, 53326, 53327, 53335, 53347, 53351, 53358, 53360, 53363

MSFT: MS12-034

IAVA: 2012-A-0079

EDB-ID: 18894

ZDI: ZDI-12-131

MSKB: 2589337, 2596672, 2596792, 2598253, 2636927, 2656405, 2656407, 2656409, 2656410, 2656411, 2658846, 2659262, 2660649, 2676562, 2686509, 2690729