MS12-013  MS12-013 - Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) - Version: 1.1

Version2012-07-31 Severity Rating: Critical Revision Note: V1.1 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2654428 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Bulletin details at Microsoft.com

Related CVE Entries

CVE-2012-0150

Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
93.59%
Published
2012-02-14
Updated
2023-12-07
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close