Test ID:	1.3.6.1.4.1.25623.1.0.902784
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
Summary:	This host is missing an important security update according to; Microsoft Bulletin MS12-002.
Description:	Summary: This host is missing an important security update according to Microsoft Bulletin MS12-002. Vulnerability Insight: The flaw is due to the way that Windows registers and uses Windows Object Packager. This can be exploited to load an executable file (packager.exe) in an insecure manner by tricking a user into opening a Publisher file '.pub' containing an embedded packaged object located on a remote WebDAV or SMB share. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Affected Software/OS: - Microsoft Windows - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0009 BugTraq ID: 51297 http://www.securityfocus.com/bid/51297 Cert/CC Advisory: TA12-010A http://www.us-cert.gov/cas/techalerts/TA12-010A.html Microsoft Security Bulletin: MS12-002 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14393 http://www.securitytracker.com/id?1026494 http://secunia.com/advisories/45189
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.