MS Windows C Run-Time Library Remote Code Execution Vulnerability (2654428) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-013.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-013

Insight

The flaw is due to the way 'Msvcrt.dll' calculates the size of a buffer in memory, allowing data to be copied into memory that has not been properly allocated.

Affected

Micorsoft Windows 7 Service Pack 1 and prior. Microsoft Windows Vista Service Pack 2 and prior. Microsoft Windows Server 2008 Service Pack 2 and prior.

References

http://secunia.com/advisories/47949/
http://support.microsoft.com/kb/2654428
http://technet.microsoft.com/en-us/security/bulletin/ms12-013

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0150

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Message Queuing Remote Code Execution Vulnerability (951071)
Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
Microsoft IIS Authentication Remote Code Execution Vulnerability (982666)
Cumulative Security Update for Internet Explorer (950759)
Cumulative Security Update for Internet Explorer (931768)

Take action and discover your vulnerabilities