MS Windows Color Control Panel Remote Code Execution Vulnerability (2643719) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-012.

Impact

Successful exploitation allows an attackers to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-012

Insight

The flaw is due to a Color Control Panel library used by the Color Control Panel application is loading libraries in an insecure manner.

Affected

Microsoft Windows Server 2008 Service Pack 2 and prior.

References

http://secunia.com/advisories/41874/
http://securitytracker.com/id/1026682
http://technet.microsoft.com/en-us/security/bulletin/ms12-012

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-5082

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)

Take action and discover your vulnerabilities