Check: 2012-A-0038
Windows 7 IAVM: 2012-A-0038 (in version v1 r32)
Title
Microsoft Expression Design Remote Code Execution Vulnerability (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing a remote code execution vulnerability in Microsoft Expression Design. Microsoft Expression Design is a web design tool for creating standards-based Web sites. To exploit this vulnerability, an attacker would entice a user to access a legitimate Expression Design-related file located in the same directory as a malicious dynamic link library (DLL) file sent via email or hosted on a network share, UNC, or WebDAV location. When attempting to access the legitimate file, Expression Design would attempt to load the DLL file and execute malicious code. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system. At this time, there are known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD-related incidents.
Check Content
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-31884
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |