This host is missing a critical security update according to Microsoft Security Advisory (2269637). This NVT has been replaced by NVT secpod_ms12-014.nasl (OID:1.3.6.1.4.1.25623.1.0.902792).

Successful exploitation will allow attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. Impact Level: System

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

The flaw is due to the applications installed on windows, passes an insufficiently qualified path of '.dll' files when loading an external library.

Microsoft Windows 7 Service Pack 1 and prior. Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2 and prior. Microsoft Windows Vista Service Pack 2 and prior. Microsoft Windows Server 2008 Service Pack 2 and prior.

• http://support.microsoft.com/kb/2264107
• http://www.microsoft.com/technet/security/advisory/2269637.mspx

---

Updated on 2017-03-28