Name | ms12_005 |
CVE | CVE-2012-0013 |
Exploit Pack | CANVAS |
Description | MS12-005: MS Office 2007-2010 Shell Object Packager file extension bypass |
Notes | Repeatability: Infinite Notes: The issue we exploit here was fixed silently alongside the ClickOnce issues in the MS12-005 patch but allows for a much cleaner exploitation primitive. To use this exploit, prepare a PPTX using this module by embedding a desired executable (PE .EXE), then save the resulting patched PPTX as a PPS (97-2003 powerpoint show) using MS Office 2010. This PPS may be served to vulnerable MS Office 2007-2010 installations on Windows Vista and 7 and will execute the embedded executable without further user interaction on opening of the PPS. VENDOR: Microsoft CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0013 CVE Name: CVE-2012-0013 |
Learn more about the CANVAS Exploit Pack here: CANVAS |