MS12-082: Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)

High Nessus Plugin ID 63229


The remote Windows host could allow arbitrary code execution.


The version of Windows on the remote host is affected by a heap overflow vulnerability in DirectPlay that could allow an attacker to execute arbitrary code on the system. Successful exploitation requires that an attacker convince a user to view a specially crafted Office document with embedded content.


Microsoft has released a set of patches for XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.

See Also

Plugin Details

Severity: High

ID: 63229

File Name: smb_nt_ms12-082.nasl

Version: $Revision: 1.9 $

Type: local

Agent: windows

Published: 2012/12/11

Modified: 2017/07/26

Dependencies: 57033, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/12/11

Vulnerability Publication Date: 2012/12/11

Reference Information

CVE: CVE-2012-1537

BID: 56839

OSVDB: 88312

MSFT: MS12-082

IAVB: 2012-B-0124

MSKB: 2770660