Microsoft FAST Search Server 2010 For SharePoint RCE Vulnerabilities (2742321) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-067.

Impact

Successful exploitation could run arbitrary code in the context of a user account with a restricted token. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-067

Insight

The flaws are due to the error in Oracle Outside In libraries, when used by the Advanced Filter Pack while parsing specially crafted files.

Affected

Microsoft FAST Search Server 2010 for SharePoint Service Pack 1

References

http://support.microsoft.com/kb/2553402
http://technet.microsoft.com/en-us/security/bulletin/ms12-067

Updated on 2015-03-25

Severity

Classification

CVE	CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110.

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabilities (2740358)
MS Exchange Server Remote Code Execution Vulnerabilities (2784126)
Microsoft FAST Search Server 2010 SharePoint RCE Vulnerabilities (2784242)
Microsoft Windows ASP.NET Denial of Service Vulnerability(970957)
Microsoft FAST Search Server 2010 for SharePoint RCE Vulnerabilities (2742321)

Take action and discover your vulnerabilities