header-logo
Suggest Exploit
vendor:
Windows 7
by:
Byoungyoung Lee
9,3
CVSS
HIGH
Assembly Execution Vulnerability
94
CWE
Product Name: Windows 7
Affected Version From: Windows 7 32bit
Affected Version To: Windows 7 32bit
Patch Exists: YES
Related CWE: CVE-2012-0013
CPE: o:microsoft:windows_7::-:32-bit
Metasploit: https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-1833/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2009-5029/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0864/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-4609/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-3209/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0841/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-4324/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-1583/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-2496/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0507/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0060/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0815/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0061/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-3363/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-3188/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2011-2699/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-0207/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-2110/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-1569/https://www.rapid7.com/db/vulnerabilities/vmsa-2012-0013-cve-2012-1573/https://www.rapid7.com/db/?q=CVE-2012-0013&type=&page=2https://www.rapid7.com/db/?q=CVE-2012-0013&type=&page=3https://www.rapid7.com/db/?q=CVE-2012-0013&type=&page=2
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 32bit
2012

MS12-005 : Microsoft Windows Assembly Execution Vulnerability

This vulnerability allows an attacker to execute arbitrary assembly code on a vulnerable Windows system. By opening a malicious document file, an attacker can execute a python script which will execute arbitrary assembly code. This vulnerability affects Windows 7 32bit systems that are fully patched until Jan 2012.

Mitigation:

Users should ensure that their systems are up to date with the latest security patches.
Source

Exploit-DB raw data:

# Exploit Title: MS12-005 : Microsoft Windows Assembly Execution Vulnerability
# Date: 1/14/2012
# Author: Byoungyoung Lee, http://exploitshop.wordpress.com
# Version: Windows 7 32bit, fully patched until Jan 2012
# Tested on: Windows 7 32bit
# CVE : CVE-2012-0013

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18372.docm

Open the document file, then allow the macro execution. This will
execute python script (python interpreters are required).
DEMO : http://www.youtube.com/watch?v=Odi6HiqzmL8&feature=youtu.be&hd=1

Navigation

Suggest Exploit

Services By CQR