Date: 09 May 2012
References: ESB-2011.1106 ESB-2011.1235.2 ESB-2012.0540
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0444
Combined Security Update for Microsoft Office, Windows, .NET
Framework, and Silverlight (2681578)
9 May 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Office
Microsoft Windows
Microsoft .NET Framework
Microsoft Silverlight
Publisher: Microsoft
Operating System: Windows
Mac OS X
Impact/Access: Administrator Compromise -- Remote with User Interaction
Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2012-1848 CVE-2012-0181 CVE-2012-0180
CVE-2012-0176 CVE-2012-0167 CVE-2012-0165
CVE-2012-0164 CVE-2012-0162 CVE-2012-0159
CVE-2011-3402
Reference: ESB-2011.1235.2
ESB-2011.1106
Original Bulletin:
http://technet.microsoft.com/en-us/security/bulletin/ms12-034
- --------------------------BEGIN INCLUDED TEXT--------------------
Microsoft Security Bulletin MS12-034 - Critical
Combined Security Update for Microsoft Office, Windows, .NET Framework, and
Silverlight (2681578)
Published: Tuesday, May 08, 2012
Version: 1.0
General Information
Executive Summary
This security update resolves three publicly disclosed vulnerabilities and
seven privately reported vulnerabilities in Microsoft Office, Microsoft
Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most
severe of these vulnerabilities could allow remote code execution if a user
opens a specially crafted document or visits a malicious webpage that embeds
TrueType font files. An attacker would have no way to force users to visit a
malicious website. Instead, an attacker would have to convince users to visit
the website, typically by getting them to click a link in an email message or
Instant Messenger message that takes them to the attacker's website.
This security update is rated Critical for all supported releases of Microsoft
Windows; for Microsoft .NET Framework 4, except when installed on Itanium-based
editions of Microsoft Windows; and for Microsoft Silverlight 4 and Microsoft
Silverlight 5. This security update is rated Important for Microsoft Office
2003, Microsoft Office 2007, and Microsoft Office 2010. For more information,
see the subsection, Affected and Non-Affected Software, in this section.
Affected Software
Windows XP Service Pack 3 (Tablet PC Edition 2005 Service Pack 3 only)
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2007 Service Pack 3)
Microsoft Office 2010 (32-bit editions)
Microsoft Office 2010 Service Pack 1 (32-bit editions)
Microsoft Office 2010 (64-bit editions)
Microsoft Office 2010 Service Pack 1 (64-bit editions)
Microsoft Silverlight 4 when installed on Mac
Microsoft Silverlight 4 when installed on all supported releases of Microsoft
Windows clients
Microsoft Silverlight 4 when installed on all supported releases of Microsoft
Windows servers
Microsoft Silverlight 5 when installed on Mac
Microsoft Silverlight 5 when installed on all supported releases of Microsoft
Windows clients
Microsoft Silverlight 5 when installed on all supported releases of Microsoft
Windows servers
Vulnerability Information
TrueType Font Parsing Vulnerability - CVE-2011-3402
A remote code execution vulnerability exists in the way that affected
components handle a specially crafted TrueType font file. The vulnerability
could allow remote code execution if a user opens a specially crafted TrueType
font file. An attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user
rights. Users whose accounts are configured to have fewer user rights on the
system could be less impacted than users who operate with administrative user
rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2011-3402.
TrueType Font Parsing Vulnerability - CVE-2012-0159
A remote code execution vulnerability exists in the way that affected
components handle a specially crafted TrueType font file. The vulnerability
could allow remote code execution if a user opens a specially crafted TrueType
font file. An attacker who successfully exploited this vulnerability could take
complete control of an affected system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user
rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0159.
.NET Framework Buffer Allocation Vulnerability - CVE-2012-0162
A remote code execution vulnerability exists in Microsoft .NET Framework that
can allow a specially crafted Microsoft .NET Framework application to access
memory in an unsafe manner. An attacker who successfully exploited this
vulnerability could run arbitrary code in the security context of the logged-on
user. An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. Users whose accounts are configured
to have fewer user rights on the system could be less impacted than users who
operate with administrative user rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0162.
.NET Framework Index Comparison Vulnerability - CVE-2012-0164
A denial of service vulnerability exists in the way that .NET Framework
compares the value of an index. An attacker who successfully exploited this
vulnerability could cause applications created using WPF APIs to stop
responding until manually restarted. Note that the denial of service
vulnerability would not allow an attacker to execute code or to elevate their
user rights in any fashion.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0164.
GDI+ Record Type Vulnerability - CVE-2012-0165
A remote code execution vulnerability exists in the way that GDI+ handles
validation of specially crafted EMF images. The vulnerability could allow
remote code execution if a user opens a specially crafted EMF image file. An
attacker who successfully exploited this vulnerability could take complete
control of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights. Users
whose accounts are configured to have fewer user rights on the system could be
less impacted than users who operate with administrative user rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0165.
GDI+ Heap Overflow Vulnerability - CVE-2012-0167
A remote code execution vulnerability exists in the way that the Office GDI+
library handles validation of specially crafted EMF images embedded within an
Office document. The vulnerability could allow remote code execution if a user
opens a specially crafted Office document. An attacker who successfully
exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. Users whose accounts are configured
to have fewer user rights on the system could be less impacted than users who
operate with administrative user rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0167.
Silverlight Double-Free Vulnerability - CVE-2012-0176
A remote code execution vulnerability exists in Microsoft Silverlight that can
allow a specially crafted Silverlight application to access memory in an unsafe
manner. An attacker who successfully exploited this vulnerability could run
arbitrary code in the security context of the logged-on user. An attacker could
then install programs; view, change, or delete data; or create new accounts
with full user rights. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0176.
Windows and Messages Vulnerability - CVE-2012-0180
An elevation of privilege vulnerability exists in the way that the Windows
kernel-mode driver manages the functions related to Windows and Messages
handling. An attacker who successfully exploited this vulnerability could run
arbitrary code in kernel mode. An attacker could then install programs; view,
change, or delete data; or create new accounts with full administrative rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0180.
Keyboard Layout File Vulnerability - CVE-2012-0181
An elevation of privilege vulnerability exists in the way that the Windows
kernel-mode driver manages Keyboard Layout files. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode. An
attacker could then install programs; view, change, or delete data; or create
new accounts with full administrative rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-0181.
Scrollbar Calculation Vulnerability - CVE-2012-1848
An elevation of privilege vulnerability exists in the Windows kernel-mode
driver. An attacker who successfully exploited this vulnerability could run
arbitrary code in kernel mode. An attacker could then install programs; view,
change, or delete data; or create new accounts with full administrative rights.
To view this vulnerability as a standard entry in the Common Vulnerabilities
and Exposures list, see CVE-2012-1848.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBT6m9cO4yVqjM2NGpAQKwnhAAlWmxOhDcCx3n/TY4sxcCTX2LENSwcxcF
goZgJ127dnbR9AGbjf1+6Qx0VnlmVlV39aI7KZJPP1NoOkfTMTSyxateUa6SU7ns
ZhhSqPG6APDS0fdjdUyTB3snZMRhay1bk5O8wvJs/h0beuOlj/qccN7q+gwwW96F
iUYv5nbH+6CrJvxyVLdxihXArM7I95sS3EBe0gK3epuqniZGidDeUev7eqdhvNRx
gZOxum+1oM0TI/uO6F54FSEYcf7ViOrwFROpjtqZXKQsxDJMVb1B6xx1m037fxoG
J+4lg4qOmTqbGq5P3SJGDccAvkepbhNPFViEWWELBR7nvUVXPgv5it6fsvCq0CWH
wbIfZ+6fhVUYwPUID4SMD6HEW2nYz51mI8FKh9fP0iexs7ps9MQBfDdh1GGg9mY8
5pQkgMAqKQpmgh9FmDDga78DS0XiIMKHqhIchMU4Wp9qGAKb7hvvzDhBCdarlCoi
OE2fPmJy4xyVCJs+nnZn5647Olu5CuQ86wShKwnFZM2iKjR9YXJtn3nIWx2X88nQ
WAwtRdoDMuPS/Si0FvAvu+JLxZ3S1DdehrN9q6D7y75nCN0TTZzTs2D/dX3RJ70E
Ap8lqE+8jCBtF5YD2QrzHxS79IQn4uDg7/MztrqzvV9H1yTs1gSJ9dOl0VP49nf5
iC5i4058JgY=
=Rsia
-----END PGP SIGNATURE-----
|