MS Windows Color Control Panel Remote Code Execution Vulnerability (2643719) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-012.

Impact

Successful exploitation allows an attackers to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-012

Insight

The flaw is due to a Color Control Panel library used by the Color Control Panel application is loading libraries in an insecure manner.

Affected

Microsoft Windows Server 2008 Service Pack 2 and prior.

References

http://secunia.com/advisories/41874/
http://securitytracker.com/id/1026682
http://technet.microsoft.com/en-us/security/bulletin/ms12-012

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-5082

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (939653)
Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
Consent User Interface Privilege Escalation Vulnerability (2442962)
Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)

Take action and discover your vulnerabilities