Object Packager Insecure Executable Launching Vulnerability (CVE-2012-0009)
2015年7月21日
危険度: : 緊急
CVE識別番号: CVE-2012-0009,MS12-002
概要
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
nvd: Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1004897
Trend Micro Deep Security DPI Rule Name: 1004897 - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
影響を受けるソフトウェア
- microsoft windows_server_2003
- microsoft windows_xp