Title

Microsoft Windows C Run-Time Library Remote Code Execution Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in Windows C Run-Time Library (Msvcrt.dll). Msvcrt.dll is a multithreaded, C run-time dynamic link library that is used by system-level components. To exploit this vulnerability, an attacker would entice a user to open a malicious media file hosted on a web page or sent via email. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS12-013 (2654428). Vulnerable Applications/Systems: Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86*, x64* and Itanium) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64* and Itanium) *Server Core installation affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems/Applications not listed below. Msvcrt.dll Windows Vista / 2008 - 7.0.6002.18551 or 22755 Windows 7 / 2008 R2 - 7.0.7600.16930 or 21108 Windows 7 SP1 / 2008 R2 SP1 - 7.0.7601.17744 or 21878

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-31348

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.