Detections
Analytics

MS KB2719662: Vulnerabilities in Gadgets Could Allow Remote Code Execution

high Nessus Plugin ID 59915

Language:

Synopsis

Arbitrary code can be executed on the remote host through Desktop Gadgets.

Description

The remote version of Microsoft Windows is missing a workaround that mitigates multiple, unspecified remote code execution vulnerabilities caused by running insecure Gadgets. Windows Vista and 7 are affected by this issue. An attacker could exploit this by tricking a user into installing a vulnerable Gadget, resulting in arbitrary code execution.

Solution

Apply the workaround described in Microsoft security advisory 2719662.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2719662

https://support.microsoft.com/en-us/help/2719662/microsoft-security-advisory-vulnerabilities-in-gadgets-could-allow-rem

Plugin Details

Severity: High

ID: 59915

File Name: smb_kb2719662.nasl

Version: 1.9

Type: local

Agent: windows

Family: Windows

Published: 7/11/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Rationale: Cvss identified. no associated cve assigned.

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated

Vulnerability Publication Date: 7/10/2012

Reference Information

MSKB: 2719662